HIGHCVE-2026-42012Published Modified CNA redhat
CVE-2026-42012: Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Metrics
- CVSS v3.1
- 7.1
- Severity
- HIGH
- Fixed in
- 0:3.6.16-8.el8_10.6
- Affected Products
- 8
Fix available
0:3.6.16-8.el8_10.6
Affected packages
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Enterprise Linux 8Fixed in 0:3.6.16-8.el8_10.6
- Red Hat / Red Hat Enterprise Linux 10
- Red Hat / Red Hat Enterprise Linux 6
- Red Hat / Red Hat Enterprise Linux 7
- Red Hat / Red Hat Enterprise Linux 9
- Red Hat / Red Hat Hardened Images
- Red Hat / Red Hat OpenShift Container Platform 4
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N