Description
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Published: 2026-05-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the gnutls library causes certificate validation to incorrectly fall back to checking DNS hostnames against the Common Name when a certificate contains Uniform Resource Identifier or Service (SRV) Subject Alternative Names. This bug allows a remote attacker to present a specially crafted certificate that can be accepted as valid, effectively spoofing legitimate services and potentially enabling man‑in‑the‑middle attacks or unauthorized disclosure of sensitive data. The weakness is a lack of proper handling of URI and SRV SAN fields (CWE‑295).

Affected Systems

The vulnerability is reported to affect a range of Red Hat products, including Red Hat Enterprise Linux from versions 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. No specific product versions are listed as unaffected or affected; therefore any installation that uses the default gnutls library may be vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high risk to confidentiality, integrity, and availability. The EPSS score is not available, so the current probability of exploitation is unclear, and the issue is not listed in CISA’s KEV catalog. Attackers would need remote access to a TLS client or server that relies on gnutls and the ability to influence the certificate presented during the handshake. Given the breadth of affected RHEL releases and OpenShift, the attack surface is substantial, making the vulnerability potentially exploitable in a wide range of production environments.

Generated by OpenCVE AI on May 26, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that fixes CVE‑2026‑42012 for all affected products
  • Restart all services that depend on gnutls to load the patched library
  • Configure TLS applications to enforce strict host name verification for URI and SRV SANs, preventing fallback to CN checks

Generated by OpenCVE AI on May 26, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4595-1 gnutls28 security update
Debian DSA Debian DSA DSA-6281-1 gnutls28 security update
Ubuntu USN Ubuntu USN USN-8284-1 GnuTLS vulnerabilities
History

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Mon, 01 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform
Vendors & Products Gnu
Gnu gnutls
Redhat hardened Images
Redhat openshift Container Platform

Wed, 27 May 2026 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Tue, 26 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Title Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
Weaknesses CWE-295
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N'}

Subscriptions

Gnu Gnutls
Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-02T15:34:36.585Z

Reserved: 2026-04-23T11:23:46.517Z

Link: CVE-2026-42012

cve-icon Vulnrichment

Updated: 2026-05-27T14:21:50.991Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T22:16:41.913

Modified: 2026-06-02T16:16:39.980

Link: CVE-2026-42012

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:08:16Z

Weaknesses
  • CWE-295

    Improper Certificate Validation