HIGHCVE-2026-42011Published Modified CNA redhat
CVE-2026-42011: Gnutls: gnutls: security bypass due to incorrect name constraint handling
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
Metrics
- CVSS v3.1
- 7.4
- Severity
- HIGH
- Fixed in
- 0:3.6.16-8.el8_10.6
- Affected Products
- 8
Fix available
0:3.6.16-8.el8_10.63.8.13-1.hum1
Affected packages
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Hardened ImagesFixed in 3.8.13-1.hum1
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 6
- Red Hat / Red Hat Enterprise Linux 7
- Red Hat / Red Hat Enterprise Linux 9
- Red Hat / Red Hat OpenShift Container Platform 4
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N