CVE-2026-42011
HIGHGnutls: gnutls: security bypass due to incorrect name constraint handling
Title source: cnaDescription
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
References (15)
Core 15
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20612
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:20613
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26319
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26409
https://access.redhat.com/errata/RHSA-2026:26409
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:29197
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30004
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30849
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:30850
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:32962
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:33125
https://access.redhat.com/errata/RHSA-2026:33125
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-42011
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2467437
https://bugzilla.redhat.com/show_bug.cgi?id=2467437
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:13274
https://access.redhat.com/errata/RHSA-2026:13274
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20611
Scores
CVSS v3
7.4
EPSS
0.0047
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (32)
Red Hat/Red Hat Discovery 2
1782159791
Red Hat/Red Hat Discovery 2
1782166952
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:3.8.10-4.el10_2
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:3.8.9-9.el10_0.19
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 8
0:3.6.16-8.el8_10.6
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:3.6.14-10.el8_4.1
... and 22 more
Published
May 07, 2026
Tracked Since
May 07, 2026