Certificate Validation Flaw in GnuTLS Affects Multiple Services
CVE-2026-42012
7.1 HIGH
What is CVE-2026-42012?
GnuTLS does not handle certificates whose Subject Alternative Name (SAN) extension carries URI or SRV entries the way RFC 6125 §6.4.4 requires. That section says a client must not seek a CN-ID match once the certificate presents a DNS-ID, SRV-ID or URI-ID; affected GnuTLS versions instead fall back to comparing the requested DNS hostname against the Common Name when the SAN contains URI or SRV names. A specially crafted certificate, for example one whose SAN names only an identifier the attacker controls while its Common Name carries the victim hostname, can therefore pass hostname verification for a service it was never issued for. An attacker able to present such a certificate to a GnuTLS client (for instance from a man-in-the-middle position) can impersonate the legitimate service and read or alter the traffic, which is why the integrity impact is rated High. No fixed versions are listed here; users of affected GnuTLS versions should consult their distribution's advisory and apply the patched packages.
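The following Python is an added illustration, not code from this advisory or from GnuTLS: it models the hostname check as a pure function over a certificate's Common Name and its list of (type, value) SAN entries, which a real client would obtain from the parsed X.509 structure. `Cert`, the hostnames `mail.example.com` and `attacker.example`, and the certificates built from them are all constructed for the example. It places the RFC 6125 §6.4.4 rule (CN ignored once any DNS-ID, SRV-ID or URI-ID is present) beside a model of the fallback the advisory describes, so the difference on a URI-only or SRV-only certificate is visible.

```python
"""Hostname verification: RFC 6125 rules vs. the CN fallback this advisory describes.

Added example. It is a model of the check, not GnuTLS's code: a certificate is
reduced to its Common Name and a list of (type, value) SAN entries."""
from typing import List, Optional, Tuple

# SAN entry types used here (a subset of the X.509 GeneralName choices).
DNS, URI, SRV, IP = "DNS", "URI", "SRV", "IP"


class Cert:
    """Minimal stand-in for a parsed certificate (constructed for the example)."""

    def __init__(self, common_name: Optional[str],
                 san: Optional[List[Tuple[str, str]]] = None):
        self.common_name = common_name
        self.san = san or []

    def san_values(self, kind: str) -> List[str]:
        return [value for t, value in self.san if t == kind]


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot denotes the root and is ignored.
    return name.lower().rstrip(".")


def dns_id_matches(presented: str, reference: str) -> bool:
    """Match one DNS-ID (possibly wildcarded) against the hostname the client asked for.

    Follows RFC 6125 section 6.4.3: a wildcard is accepted only as the complete
    left-most label, it matches exactly one label, and a pattern with fewer than
    two fixed labels (such as '*.com') never matches."""
    presented, reference = _normalize(presented), _normalize(reference)
    if "*" not in presented:
        return presented == reference
    p_labels, r_labels = presented.split("."), reference.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False  # '*' only as the whole left-most label
    if len(p_labels) < 3 or len(p_labels) != len(r_labels):
        return False
    return p_labels[1:] == r_labels[1:]


def match_hostname_rfc6125(cert: Cert, hostname: str) -> bool:
    """Correct behaviour. RFC 6125 section 6.4.4: once the certificate presents a
    DNS-ID, SRV-ID or URI-ID, the CN-ID must not be consulted at all."""
    for dns_id in cert.san_values(DNS):
        if dns_id_matches(dns_id, hostname):
            return True
    presents_name_ids = any(t in (DNS, SRV, URI) for t, _ in cert.san)
    if presents_name_ids:
        return False            # URI/SRV-only SAN: no fallback to the CN
    # Legacy CN-only certificate (no SAN name identifiers): CN-ID may still be matched.
    return bool(cert.common_name) and dns_id_matches(cert.common_name, hostname)


def match_hostname_cn_fallback(cert: Cert, hostname: str) -> bool:
    """Model of the flawed behaviour the advisory describes: URI and SRV entries do
    not suppress the CN, so a certificate with no DNS-ID falls back to the Common
    Name even though the SAN carries other name identifiers."""
    for dns_id in cert.san_values(DNS):
        if dns_id_matches(dns_id, hostname):
            return True
    if cert.san_values(DNS):
        return False            # DNS-IDs were present and none matched
    return bool(cert.common_name) and dns_id_matches(cert.common_name, hostname)


# Constructed certificates for the comparison (all names are placeholders).
TARGET = "mail.example.com"

# What a client should accept for TARGET: a proper DNS-ID in the SAN.
LEGIT = Cert("mail.example.com", [(DNS, "mail.example.com")])

# SAN names only an identifier the attacker controls; the target's name sits in
# the CN. This is the shape of certificate the advisory is about.
CRAFTED_URI = Cert("mail.example.com", [(URI, "https://attacker.example/")])
CRAFTED_SRV = Cert("mail.example.com", [(SRV, "_imap.attacker.example")])

# Pre-SAN legacy certificate: CN only, which RFC 6125 still allows to match.
LEGACY_CN_ONLY = Cert("mail.example.com")


def compare(cert: Cert, hostname: str = TARGET) -> Tuple[bool, bool]:
    """(result under RFC 6125, result under the CN-fallback behaviour)."""
    return (match_hostname_rfc6125(cert, hostname),
            match_hostname_cn_fallback(cert, hostname))


if __name__ == "__main__":
    for label, cert in [("legit", LEGIT), ("crafted URI", CRAFTED_URI),
                        ("crafted SRV", CRAFTED_SRV), ("legacy CN-only", LEGACY_CN_ONLY)]:
        ok, fallback = compare(cert)
        print(f"{label:15} rfc6125={ok!s:5} cn_fallback={fallback}")
```

The two crafted certificates are the only inputs on which the models disagree: the RFC 6125 check rejects them because the SAN already presents a name identifier, while the fallback model accepts them on the strength of the Common Name alone. RFC 9525, which obsoletes RFC 6125, goes further and drops CN-ID entirely, so a client written to the current rules would also reject `LEGACY_CN_ONLY`; that stricter policy is the safer default for new code.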
CVSS v3.1
Score: 7.1 (HIGH)
Vector (as listed): AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: Low
Note: the listed metrics are not mutually consistent. Under the CVSS v3.1 base equations AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L evaluates to 7.6; the published score of 7.1 corresponds to the same vector with Availability: None (A:N), so one of the two values shown is likely a transcription error.
Credit
Red Hat would like to thank Oleh Konko (1Seal) for reporting this issue.