VDB
CVE-2026-42013
CVE-2026-42013
PUBLISHED
CVSS 8.2 HIGH
Reported by redhat · Published May 26, 2026
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
Risk Scores
CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.8.10-4.el10_2 |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:3.8.9-9.el10_0.19 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:3.6.16-8.el8_10.6 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:3.6.16-8.el8_10.6 |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:3.6.14-10.el8_4.1 |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:4.13-3.el8_4.1 |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:3.6.14-10.el8_4.1 |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:4.13-3.el8_4.1 |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:3.6.16-5.el8_6.5 |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:4.13-3.el8_6.2 |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | 0:3.6.16-5.el8_6.5 |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On | 0:4.13-3.el8_6.2 |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:3.6.16-7.el8_8.4 |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:4.13-4.el8_8.1 |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:3.6.16-7.el8_8.4 |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:4.13-4.el8_8.1 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.8.10-4.el9_8 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.8.10-4.el9_8 |
| Red Hat | Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | 0:3.8.3-4.el9_4.6 |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:3.8.3-6.el9_6.4 |
…and 41 more
Timeline
- Apr 30, 2026 CVE Published
- May 27, 2026 EPSS Score
- May 27, 2026 Distribution Patch
- May 27, 2026 Security Advisory
- May 28, 2026 EPSS Score
- May 29, 2026 EPSS Score
- May 29, 2026 Distribution Patch
- May 29, 2026 Security Advisory
- May 30, 2026 EPSS Score
- May 31, 2026 EPSS Score
- Jun 1, 2026 EPSS Score
- Jun 2, 2026 Distribution Patch
References
- RHSA-2026:13274 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:20611 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:20612 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:20613 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:26319 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:26409 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:29197 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:30004 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:30849 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:30850 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:32962 vendor-advisoryx_refsource_REDHAT
- RHSA-2026:33125 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2467448 issue-trackingx_refsource_REDHAT