CVE Vulnerabilities

CVE-2026-42012

Improper Certificate Validation

Published: May 26, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.1 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatgnutls-0:3.8.10-4.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatgnutls-0:3.8.9-9.el10_0.19*
Red Hat Enterprise Linux 8RedHatgnutls-0:3.6.16-8.el8_10.6*
Red Hat Enterprise Linux 8RedHatgnutls-0:3.6.16-8.el8_10.6*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatgnutls-0:3.6.14-10.el8_4.1*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatlibtasn1-0:4.13-3.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatgnutls-0:3.6.14-10.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatlibtasn1-0:4.13-3.el8_4.1*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatgnutls-0:3.6.16-5.el8_6.5*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatlibtasn1-0:4.13-3.el8_6.2*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatgnutls-0:3.6.16-5.el8_6.5*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatlibtasn1-0:4.13-3.el8_6.2*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatgnutls-0:3.6.16-7.el8_8.4*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatlibtasn1-0:4.13-4.el8_8.1*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatgnutls-0:3.6.16-7.el8_8.4*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatlibtasn1-0:4.13-4.el8_8.1*
Red Hat Enterprise Linux 9RedHatgnutls-0:3.8.10-4.el9_8*
Red Hat Enterprise Linux 9RedHatgnutls-0:3.8.10-4.el9_8*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatgnutls-0:3.8.3-4.el9_4.6*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatgnutls-0:3.8.3-6.el9_6.4*
Red Hat Discovery 2RedHatdiscovery/discovery-server-rhel9:1782159791*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
Red Hat Update Infrastructure 5RedHatrhui5/cds-rhel9:1781525684*
Red Hat Update Infrastructure 5RedHatrhui5/haproxy-rhel9:1781525671*
Red Hat Update Infrastructure 5RedHatrhui5/installer-rhel9:1781525693*
Red Hat Update Infrastructure 5RedHatrhui5/rhua-rhel9:1781525739*
Gnutls28Ubuntuesm-infra/xenial*
Gnutls28Ubuntufips-preview/jammy*
Gnutls28Ubuntufips-updates/jammy*
Gnutls28Ubuntufips-updates/noble*
Gnutls28Ubuntujammy*
Gnutls28Ubuntunoble*
Gnutls28Ubuntuquesting*
Gnutls28Ubunturesolute*
Gnutls28Ubuntuupstream*

Potential Mitigations

References