CVE-2026-42013 - Vulnerability Details

- Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

Description

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Published: 2026-05-26

Score: 8.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in GnuTLS allows an oversized Subject Alternative Name to cause the validation process to fall back to checking the Common Name field. This leads to a bypass of certificate validation, permitting an attacker to spoof a legitimate server or perform a man‑in‑the‑middle attack.

Affected Systems

Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 are affected as the GnuTLS library bundled with these distributions contains the flaw. No explicit version ranges are disclosed in the advisory.

Risk and Exploitability

The vulnerability receives a CVSS score of 8.2, indicating high severity, while EPSS is unavailable and the issue is not listed in CISA KEV. Based on the description, the likely attack vector is remote: an attacker supplies a certificate with an oversized SAN, causing GnuTLS to ignore the SAN and incorrectly use the CN for validation. The flaw is classified as CWE‑1284, an overly lenient certificate validation weakness, and if exploited the attacker can impersonate a trusted server or intercept encrypted traffic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:3.8.10-4.el10_2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:3.6.16-8.el8_10.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:3.6.16-8.el8_10.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:3.8.10-4.el9_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:3.8.10-4.el9_8`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat Hardened Images affected —

Red Hat Red Hat OpenShift Container Platform 4 affected —

No data.

Vendor Product Confidence Versions

Gnu

Gnutls

80%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Enterprise Linux

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Hardened Images

83%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Openshift Container Platform

86%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Red Hat errata that updates GnuTLS to a fixed version.
If a timely patch is unavailable, install a newer GnuTLS release (e.g., 3.9.12 or later) that corrects SAN handling.
Reconfigure applications that use GnuTLS to enforce strict SAN validation and disable fallback to CN, if the application supports it.

Generated by OpenCVE AI on May 26, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4595-1	gnutls28 security update
Debian DSA	DSA-6281-1	gnutls28 security update
Ubuntu USN	USN-8284-1	GnuTLS vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0036.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/security/cve/CVE-2026-42013
https://bugzilla.redhat.com/show_bug.cgi?id=2467448

History

Tue, 02 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:20612

Mon, 01 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.2
References		https://access.redhat.com/errata/RHSA-2026:20613

Thu, 28 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 27 May 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnu Gnu gnutls Redhat hardened Images Redhat openshift Container Platform
Vendors & Products		Gnu Gnu gnutls Redhat hardened Images Redhat openshift Container Platform

Wed, 27 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2026:20611

Tue, 26 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
Title		Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name
First Time appeared		Redhat Redhat enterprise Linux Redhat hummingbird Redhat openshift
Weaknesses		CWE-1284
CPEs		cpe:/a:redhat:hummingbird:1 cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat hummingbird Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2026-42013 https://bugzilla.redhat.com/show_bug.cgi?id=2467448
Metrics		cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N'}`

Subscriptions

Gnu Gnutls

Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-05-26T21:29:32.887Z

Updated: 2026-06-02T15:34:39.371Z

Reserved: 2026-04-23T11:23:46.517Z

Link: CVE-2026-42013

Vulnrichment

Updated: 2026-05-28T14:13:54.446Z

NVD

Status : Awaiting Analysis

Published: 2026-05-26T22:16:42.050

Modified: 2026-06-02T16:16:40.120

Link: CVE-2026-42013

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T10:08:14Z

Weaknesses

CWE-1284
Improper Validation of Specified Quantity in Input

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object