Certificate Validation Flaw in GnuTLS Allows Potential Man-in-the-Middle Attacks
CVE-2026-42013

8.2 HIGH

What is CVE-2026-42013?

A vulnerability has been identified in GnuTLS's certificate validation. When the Subject Alternative Name (SAN) extension of a certificate exceeds a particular size, the validation logic incorrectly falls back to the Common Name (CN) field. This flaw could allow a remote attacker to bypass the intended hostname validation checks, opening the way to certificate spoofing and man-in-the-middle attacks. Users and administrators should apply the available security patches to mitigate this risk.
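As an added illustration (not GnuTLS's own code), the following simplified Python model contrasts the flawed "oversized SAN is treated as absent" pattern with the fail-closed behaviour a hostname check should have; the size limit, certificate fields and hostnames are constructed.

```python
# Simplified model of hostname checking (added example, not GnuTLS code).
# The size limit, certificate fields and hostnames below are constructed.
from dataclasses import dataclass
from typing import Optional

SAN_LIMIT = 4  # constructed cap standing in for the "particular size" in the advisory


@dataclass
class Cert:
    cn: str
    san: Optional[list]  # None means the SAN extension is not present at all


def _match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS-ID match allowing one left-most '*' label (RFC 6125 style)."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    p_rest, h_labels = pattern[2:], host.split(".")
    return len(h_labels) > 2 and ".".join(h_labels[1:]) == p_rest


def flawed_verify(cert: Cert, host: str) -> bool:
    """Flawed pattern: an oversized SAN is dropped as if absent, so the CN decides."""
    san = cert.san if cert.san is not None and len(cert.san) <= SAN_LIMIT else None
    if san is None:
        return _match(cert.cn, host)  # fallback reached even though a SAN exists
    return any(_match(n, host) for n in san)


def hardened_verify(cert: Cert, host: str) -> bool:
    """Fixed pattern: the CN is consulted only when the SAN extension is truly absent;
    a SAN that is present but cannot be processed fails closed."""
    if cert.san is None:
        return _match(cert.cn, host)
    if len(cert.san) > SAN_LIMIT:
        return False  # present but unprocessable: reject, never fall back to CN
    return any(_match(n, host) for n in cert.san)


# Constructed certificate: CN names the target host, SAN (too large) does not.
OVERSIZED = Cert(cn="bank.example", san=[f"host{i}.other.example" for i in range(SAN_LIMIT + 1)])
```

With `OVERSIZED`, `flawed_verify` accepts "bank.example" on the strength of the CN alone, while `hardened_verify` rejects it.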

CVSS V3.1

  • Score: 8.2
  • Severity: HIGH
  • Confidentiality: Low
  • Integrity: High
  • Availability: Low
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Red Hat would like to thank Haruto Kimura (Stella) and Joshua Rogers (AISLE Research Team) for reporting this issue.