VDB

CVE-2026-42013

CVE-2026-42013 PUBLISHED CVSS 8.2 HIGH

Reported by redhat · Published May 26, 2026

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.

Risk Scores

CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 100:3.8.10-4.el10_2
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.8.9-9.el10_0.19
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.6
Red HatRed Hat Enterprise Linux 80:3.6.16-8.el8_10.6
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:3.6.14-10.el8_4.1
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:4.13-3.el8_4.1
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:3.6.14-10.el8_4.1
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:4.13-3.el8_4.1
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:3.6.16-5.el8_6.5
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:4.13-3.el8_6.2
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:3.6.16-5.el8_6.5
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:4.13-3.el8_6.2
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:3.6.16-7.el8_8.4
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:4.13-4.el8_8.1
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:3.6.16-7.el8_8.4
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:4.13-4.el8_8.1
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8
Red HatRed Hat Enterprise Linux 90:3.8.10-4.el9_8
Red HatRed Hat Enterprise Linux 9.4 Update Services for SAP Solutions0:3.8.3-4.el9_4.6
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support0:3.8.3-6.el9_6.4

…and 41 more

Timeline

  • Apr 30, 2026 CVE Published
  • May 27, 2026 EPSS Score
  • May 27, 2026 Distribution Patch
  • May 27, 2026 Security Advisory
  • May 28, 2026 EPSS Score
  • May 29, 2026 EPSS Score
  • May 29, 2026 Distribution Patch
  • May 29, 2026 Security Advisory
  • May 30, 2026 EPSS Score
  • May 31, 2026 EPSS Score
  • Jun 1, 2026 EPSS Score
  • Jun 2, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›