CVE Vulnerabilities

CVE-2026-42013

Improper Certificate Validation

Published: May 26, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
8.2 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatgnutls-0:3.8.10-4.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatgnutls-0:3.8.9-9.el10_0.19*
Red Hat Enterprise Linux 8RedHatgnutls-0:3.6.16-8.el8_10.6*
Red Hat Enterprise Linux 8RedHatgnutls-0:3.6.16-8.el8_10.6*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatgnutls-0:3.6.14-10.el8_4.1*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatlibtasn1-0:4.13-3.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatgnutls-0:3.6.14-10.el8_4.1*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatlibtasn1-0:4.13-3.el8_4.1*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatgnutls-0:3.6.16-5.el8_6.5*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatlibtasn1-0:4.13-3.el8_6.2*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatgnutls-0:3.6.16-5.el8_6.5*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatlibtasn1-0:4.13-3.el8_6.2*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatgnutls-0:3.6.16-7.el8_8.4*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatlibtasn1-0:4.13-4.el8_8.1*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatgnutls-0:3.6.16-7.el8_8.4*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatlibtasn1-0:4.13-4.el8_8.1*
Red Hat Enterprise Linux 9RedHatgnutls-0:3.8.10-4.el9_8*
Red Hat Enterprise Linux 9RedHatgnutls-0:3.8.10-4.el9_8*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatgnutls-0:3.8.3-4.el9_4.6*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatgnutls-0:3.8.3-6.el9_6.4*
Red Hat Discovery 2RedHatdiscovery/discovery-server-rhel9:1782159791*
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782166952*
Red Hat Update Infrastructure 5RedHatrhui5/cds-rhel9:1781525684*
Red Hat Update Infrastructure 5RedHatrhui5/haproxy-rhel9:1781525671*
Red Hat Update Infrastructure 5RedHatrhui5/installer-rhel9:1781525693*
Red Hat Update Infrastructure 5RedHatrhui5/rhua-rhel9:1781525739*
Gnutls28Ubuntuesm-infra/xenial*
Gnutls28Ubuntufips-preview/jammy*
Gnutls28Ubuntufips-updates/jammy*
Gnutls28Ubuntufips-updates/noble*
Gnutls28Ubuntujammy*
Gnutls28Ubuntunoble*
Gnutls28Ubuntuquesting*
Gnutls28Ubunturesolute*
Gnutls28Ubuntuupstream*

Potential Mitigations

References