
GnuTLS CVE-2026-42011
EUVD-2026-28386 · HIGH
Improper Certificate Validation (CWE-295)
2026-05-07 · redhat · GHSA-568w-37qx-3qc6
CVSS 3.1 (NVD): 7.4

Severity by source

NVD (primary): 7.4 HIGH, AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE: HIGH (qualitative)
Red Hat: 7.4 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: May 07, 2026 - 15:00 (vuln.today)
CVE Published: May 07, 2026 - 13:51 (nvd)
Current rating: HIGH 7.4

Description (CVE.org)

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

Analysis (AI)

Certificate validation in GnuTLS can be bypassed when a certificate chain contains Certificate Authorities with only excluded name constraints followed by CAs with permitted name constraints. Remote attackers can exploit this flaw (CVSS 7.4, AV:N/AC:H) to present invalid certificates that pass validation, enabling man-in-the-middle attacks or service impersonation against TLS-protected communications. …
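The validation state the description and analysis refer to, as an added illustration that is not GnuTLS's code: a small model of RFC 5280 section 6.1.4 name-constraint accumulation over a chain, restricted to dNSName constraints, showing that a permittedSubtrees constraint on a later CA must still be enforced when an earlier CA carried only excludedSubtrees. The certificate records, the chain shape and the host names are constructed for the example.

```python
# Added illustration, not GnuTLS's code: accumulates RFC 5280 name constraints
# along a chain (root first), dNSName entries only; chain and hosts are constructed.
from dataclasses import dataclass, field

@dataclass
class CertModel:
    name: str
    permitted: list[str] = field(default_factory=list)  # permittedSubtrees (dNSName)
    excluded: list[str] = field(default_factory=list)   # excludedSubtrees (dNSName)

def dns_in_subtree(host: str, subtree: str) -> bool:
    # RFC 5280 4.2.1.10: a dNSName constraint covers the name itself and any
    # subdomain of it (a leading '.' in the constraint is tolerated).
    host, subtree = host.lower(), subtree.lower().lstrip(".")
    return host == subtree or host.endswith("." + subtree)

def accumulate_constraints(chain: list[CertModel]):
    # RFC 5280 6.1.4 (g): permitted_subtrees is the intersection over all CAs,
    # excluded_subtrees the union. The intersection is kept as a list of sets
    # that must all be satisfied, so a CA carrying only excludedSubtrees neither
    # resets nor drops permitted sets contributed by other CAs in the chain.
    permitted_sets: list[list[str]] = []
    excluded: list[str] = []
    for ca in chain:
        if ca.permitted:
            permitted_sets.append(list(ca.permitted))
        excluded.extend(ca.excluded)
    return permitted_sets, excluded

def dns_name_allowed(host: str, permitted_sets: list[list[str]], excluded: list[str]) -> bool:
    # Acceptable only if outside every excluded subtree and inside at least one
    # subtree of every accumulated permitted set.
    if any(dns_in_subtree(host, s) for s in excluded):
        return False
    return all(any(dns_in_subtree(host, s) for s in pset) for pset in permitted_sets)

def validate_leaf_dns(chain: list[CertModel], leaf_host: str) -> bool:
    permitted_sets, excluded = accumulate_constraints(chain)
    return dns_name_allowed(leaf_host, permitted_sets, excluded)

# Constructed chain of the shape the advisory describes: the root carries only
# excludedSubtrees, the subordinate CA only permittedSubtrees.
CHAIN = [CertModel("Root CA", excluded=["lab.example.org"]),
         CertModel("Sub CA", permitted=["corp.example.com"])]

if __name__ == "__main__":
    for host in ("mail.corp.example.com", "payroll.example.net", "host.lab.example.org"):
        print(host, "->", "accepted" if validate_leaf_dns(CHAIN, host) else "rejected")
```

A validator that handles this chain shape correctly must reject the second host, since the Sub CA's permitted set still applies; a regression check built from such constructed chains is a practical way to confirm a patched build behaves as the RFC requires.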


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Compromise subordinate CA in certificate hierarchy
Delivery: Craft certificate with name constraints violation
Exploit: Position CA after excluded-only constraint CAs
Install: Present malicious certificate to GnuTLS client
C2: Bypass validation logic
Execute: Establish man-in-the-middle TLS session
Impact: Intercept sensitive communications

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the target system to validate a certificate chain where an earlier Certificate Authority specifies only excluded name constraints (using the Name Constraints X.509 extension with excludedSubtrees) and a subsequent CA in the chain specifies permitted name constraints (permittedSubtrees). …
Risk Assessment: The CVSS 7.4 score reflects high confidentiality and integrity impact with a network attack vector but high attack complexity (AC:H), requiring no privileges or user interaction. …
Exploit Scenario: An attacker compromises or establishes a subordinate Certificate Authority positioned in a certificate chain after a CA with only excluded name constraints. The attacker issues a TLS certificate for a sensitive internal domain (e.g., payroll.victim.com) that should be prohibited by a parent CA's permitted name constraints. …
Remediation: Apply vendor-released patches for GnuTLS through Red Hat's standard update channels (yum/dnf update gnutls). …

Recommended Action (AI)

Within 24 hours: Inventory all systems running Red Hat Enterprise Linux versions 6-10 and OpenShift Container Platform 4; identify mission-critical applications dependent on TLS certificate validation. …


Vendor Status

SUSE

Severity: High
Product status:
openSUSE Tumbleweed: Fixed
SUSE Linux Enterprise Desktop 15 SP7: Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
SUSE Linux Enterprise Micro 5.3: Fixed
SUSE Linux Enterprise Micro 5.4: Fixed
