← back
CVE-2026-42013

Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

CVSS 8.2 HIGHEPSS 0.4%CWE-1284
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Affected products
Red Hat · Red Hat Discovery 2Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Update Infrastructure 5

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2026:20611https://access.redhat.com/errata/RHSA-2026:20612https://access.redhat.com/errata/RHSA-2026:20613https://access.redhat.com/errata/RHSA-2026:26319https://access.redhat.com/errata/RHSA-2026:26409https://access.redhat.com/errata/RHSA-2026:29197https://access.redhat.com/security/cve/CVE-2026-42013https://bugzilla.redhat.com/show_bug.cgi?id=2467448