CVE-2026-42013
Awaiting Analysis Awaiting Analysis - Queue
Certificate Validation Bypass in GnuTLS via SAN Override

Publication date: 2026-05-26

Last updated on: 2026-06-02

Assigner: Red Hat, Inc.

Description
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42013
EUVD
EUVD-2026-32011
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnutls gnutls *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update the GnuTLS library to a version where the issue with oversized Subject Alternative Name (SAN) entries causing certificate validation bypass has been fixed.

Applying the latest security patches or updates provided by your operating system or distribution vendor is recommended to address this vulnerability.

Compliance Impact

This vulnerability in gnutls allows an attacker to bypass proper certificate validation, potentially enabling spoofing or man-in-the-middle attacks.

Such security weaknesses can undermine the confidentiality and integrity of data transmissions, which are critical requirements under standards like GDPR and HIPAA.

Therefore, exploitation of this flaw could lead to non-compliance with these regulations due to failure to adequately protect sensitive information during communication.

Executive Summary

This vulnerability is a flaw in gnutls related to certificate validation. When the Subject Alternative Name (SAN) field in a certificate is oversized, the validation process may incorrectly fall back to checking the Common Name (CN) field instead.

This fallback can allow a remote attacker to bypass proper certificate validation.

As a result, an attacker could potentially perform spoofing or man-in-the-middle attacks.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to bypass proper certificate validation.

Such bypass could lead to spoofing attacks, where an attacker impersonates a trusted entity.

It could also enable man-in-the-middle attacks, where the attacker intercepts and potentially alters communications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42013. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart