7.1
CVE-2026-42012
- EPSS 0.35%
- Veröffentlicht 26.05.2026 21:29:26
- Zuletzt bearbeitet 30.06.2026 03:19:30
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusaffected
Version
0:3.8.10-4.el10_2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10.0 Extended Update Support
Default Statusaffected
Version
0:3.8.9-9.el10_0.19
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version
0:3.6.16-8.el8_10.6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version
0:3.6.16-8.el8_10.6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:3.6.14-10.el8_4.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:4.13-3.el8_4.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
0:3.6.14-10.el8_4.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
0:4.13-3.el8_4.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:3.6.16-5.el8_6.5
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version
0:4.13-3.el8_6.2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
0:3.6.16-5.el8_6.5
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version
0:4.13-3.el8_6.2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version
0:3.6.16-7.el8_8.4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version
0:4.13-4.el8_8.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version
0:3.6.16-7.el8_8.4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version
0:4.13-4.el8_8.1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:3.8.10-4.el9_8
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version
0:3.8.10-4.el9_8
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions
Default Statusaffected
Version
0:3.8.3-4.el9_4.6
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.6 Extended Update Support
Default Statusaffected
Version
0:3.8.3-6.el9_6.4
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Discovery 2
Default Statusaffected
Version
1782159791
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Discovery 2
Default Statusaffected
Version
1782166952
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Update Infrastructure 5
Default Statusaffected
Version
1781525684
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Update Infrastructure 5
Default Statusaffected
Version
1781525671
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Update Infrastructure 5
Default Statusaffected
Version
1781525693
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Update Infrastructure 5
Default Statusaffected
Version
1781525739
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.273 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://access.redhat.com/security/cve/CVE-2026-42012
https://bugzilla.redhat.com/show_bug.cgi?id=2467441
https://access.redhat.com/errata/RHSA-2026:20611
https://access.redhat.com/errata/RHSA-2026:20613
https://access.redhat.com/errata/RHSA-2026:20612
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:26319
https://access.redhat.com/errata/RHSA-2026:26409
https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
https://access.redhat.com/errata/RHSA-2026:30004
https://access.redhat.com/errata/RHSA-2026:30849
https://access.redhat.com/errata/RHSA-2026:30850
https://access.redhat.com/errata/RHSA-2026:32962
https://access.redhat.com/errata/RHSA-2026:33125