CVE-2026-42011
GnuTLS Name Constraint Bypass Vulnerability
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnutls | gnutls | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GnuTLS due to incorrect handling of name constraints during certificate validation. Specifically, permitted name constraints are ignored when previous Certificate Authorities only have excluded name constraints. This flaw allows an attacker to bypass critical name constraint checks.
As a result, invalid certificates might be accepted by the system, which can lead to security issues such as spoofing or man-in-the-middle attacks.
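The constraint-accumulation rule behind this flaw, as an added example that is not GnuTLS code: a simplified RFC 5280 model in which permitted dNSName subtrees are intersected and excluded subtrees unioned down the chain. The `flawed` flag is a hypothetical model of the flaw class described above (a later CA's permitted list skipped once an earlier CA carried only excluded constraints), not GnuTLS's actual logic; the chain and hostnames are constructed.

```python
# Added example, not GnuTLS code: a simplified model of RFC 5280 dNSName
# name-constraint accumulation down a chain (permitted subtrees intersected,
# excluded subtrees unioned), plus a hypothetical flawed variant that drops a
# later CA's permitted subtrees once an earlier CA carried only excluded ones.

def dns_in_subtree(name: str, subtree: str) -> bool:
    """dNSName constraint match: name equals the subtree or is a subdomain of it."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().strip(".")
    return name == subtree or name.endswith("." + subtree)

def accumulate(chain, flawed=False):
    """chain: CA certs root-first, each a dict with optional 'permitted' and
    'excluded' lists of dNSName subtrees. Returns (permitted or None, excluded);
    permitted None means no permitted subtree has been imposed yet."""
    permitted, excluded = None, set()
    for ca in chain:
        excluded |= set(ca.get("excluded", []))
        ca_permitted = ca.get("permitted")
        if not ca_permitted:
            continue
        if flawed and excluded and permitted is None:
            continue  # hypothetical flaw: earlier CA had only excluded constraints
        if permitted is None:
            permitted = set(ca_permitted)
        else:
            # Intersect subtrees: keep the narrower of every overlapping pair.
            permitted = {n if dns_in_subtree(n, p) else p
                         for n in ca_permitted for p in permitted
                         if dns_in_subtree(n, p) or dns_in_subtree(p, n)}
    return permitted, excluded

def name_allowed(name, permitted, excluded):
    """Excluded subtrees always win; an empty permitted set rejects everything."""
    if any(dns_in_subtree(name, e) for e in excluded):
        return False
    return permitted is None or any(dns_in_subtree(name, p) for p in permitted)

def leaf_accepted(chain, leaf_dns, flawed=False):
    permitted, excluded = accumulate(chain, flawed)
    return name_allowed(leaf_dns, permitted, excluded)

# Constructed chain shaped like the CVE description: the root carries only an
# excluded subtree, the intermediate carries only a permitted subtree.
CHAIN = [{"excluded": ["blocked.example"]}, {"permitted": ["corp.example"]}]

if __name__ == "__main__":
    for host in ("www.corp.example", "www.other.example"):
        print(host, "correct:", leaf_accepted(CHAIN, host),
              "flawed:", leaf_accepted(CHAIN, host, flawed=True))
```

With the constructed chain, the correct accumulation rejects a leaf outside `corp.example`, while the flawed variant accepts it because the intermediate's permitted subtree was never applied.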
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability in GnuTLS allows bypassing critical name constraint checks during certificate validation, potentially enabling spoofing or man-in-the-middle attacks. Such security weaknesses can undermine the confidentiality and integrity of communications, which are essential requirements under common standards and regulations like GDPR and HIPAA.
By accepting invalid certificates, affected systems may fail to adequately protect personal or sensitive data, leading to non-compliance with these regulations' mandates for secure data transmission and protection against unauthorized access.
How can this vulnerability impact me?
Exploiting this vulnerability could allow a remote attacker to bypass certificate validation checks, potentially enabling them to impersonate trusted entities or intercept secure communications.
This can lead to unauthorized access, data interception, or manipulation in systems that rely on GnuTLS for secure communication, compromising confidentiality and integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to update GnuTLS to a version where this issue is fixed, as the vulnerability arises from incorrect handling of name constraints during certificate validation.
Since the flaw allows bypassing critical name constraint checks, applying security patches provided by your vendor or updating to the latest secure release of GnuTLS is the immediate step to prevent exploitation.