CVE-2026-42013

Discovered by AISLEPUBLISHEDCWE-1284

Description

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

CVSS Base Scores

CVSS v3.1(Primary)

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products

Vendor	Product	Version	Status
Red Hat	GnuTLS	0:3.8.10-4.el10_2	unaffected
Red Hat	GnuTLS	0:3.6.16-8.el8_10.6	—
Red Hat	GnuTLS	0:3.8.10-4.el9_8	—

Credits

Red Hat would like to thank Haruto Kimura (Stella) and Joshua Rogers (AISLE Research Team) for reporting this issue.

References

https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/security/cve/CVE-2026-42013
https://bugzilla.redhat.com/show_bug.cgi?id=2467448