CVE-2026-42013
Certificate Validation Bypass in GnuTLS via SAN Override
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnutls | gnutls | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the hostname-matching step of certificate validation in gnutls. When the Subject Alternative Name (SAN) extension of a peer certificate is oversized, the validation code does not treat the certificate as unverifiable; instead it behaves as if no SAN were present and falls back to matching the hostname against the Common Name (CN) in the subject field (the size-handling error is what the CWE-1284 classification refers to).
That fallback is exactly what RFC 6125 (section 6.4.4) says a client must not do: once a certificate carries SAN entries of the relevant type, the CN must be ignored. A certificate whose SAN entries do not name the target host, but whose CN does, can therefore pass the name check as long as its SAN is large enough to trigger the fallback.
The bypass is in name matching only; signature and chain verification are unaffected. An attacker who holds such a certificate and can intercept the connection could impersonate the intended server (spoofing) or relay traffic between the client and the real server (man-in-the-middle).
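The following is an added illustration of the fallback described above, written for this page; it is not GnuTLS code and does not reproduce the library's internals. It models a certificate as a CN plus a list of dNSName SAN entries, with an assumed fixed-size SAN buffer (SAN_BUFFER_BYTES) standing in for whatever limit the real code applies. The vulnerable matcher treats an over-limit SAN as "no SAN" and consults the CN; the hardened matcher fails closed and never looks at the CN when any SAN is present. All certificate data is constructed inline.

```python
"""Model of SAN/CN hostname matching with and without the unsafe fallback.

Added example for this advisory page, not GnuTLS source. The buffer limit,
the certificate structure and the sample certificates are all assumptions
made for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed fixed-size buffer for the encoded SAN extension (illustrative).
SAN_BUFFER_BYTES = 256


@dataclass
class Cert:
    """Minimal stand-in for an X.509 certificate: subject CN + dNSName SANs."""
    common_name: Optional[str]
    san_dns: List[str] = field(default_factory=list)


def _san_encoded_size(cert: Cert) -> int:
    """Rough encoded size of the SAN extension: 2 bytes of tag/length per
    entry plus the name itself. Good enough to model 'oversized'."""
    return sum(len(name.encode("utf-8")) + 2 for name in cert.san_dns)


def _match_dns(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, trailing dot ignored,
    a single wildcard allowed only as the complete leftmost label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        p_labels = pattern.split(".")
        h_labels = host.split(".")
        # Same label count, wildcard must cover exactly one non-empty label,
        # and the wildcard must not sit directly under a public suffix-like
        # single label (require at least two labels after the '*').
        return (
            len(p_labels) >= 3
            and len(p_labels) == len(h_labels)
            and h_labels[0] != ""
            and p_labels[1:] == h_labels[1:]
        )
    return pattern == host


def vulnerable_check(cert: Cert, host: str) -> bool:
    """Vulnerable behaviour: a SAN that does not fit the buffer is treated
    exactly like a missing SAN, so the CN is consulted."""
    if cert.san_dns and _san_encoded_size(cert) <= SAN_BUFFER_BYTES:
        return any(_match_dns(p, host) for p in cert.san_dns)
    # Oversized SAN lands here, as if the certificate had no SAN at all.
    return cert.common_name is not None and _match_dns(cert.common_name, host)


def hardened_check(cert: Cert, host: str) -> bool:
    """Hardened behaviour: if the certificate carries any dNSName SAN, the
    CN is never used; an unprocessable SAN fails closed."""
    if cert.san_dns:
        if _san_encoded_size(cert) > SAN_BUFFER_BYTES:
            return False  # cannot verify the SAN -> reject, do not fall back
        return any(_match_dns(p, host) for p in cert.san_dns)
    # Legacy CN-only certificate: CN is the only name available.
    return cert.common_name is not None and _match_dns(cert.common_name, host)


def demo() -> dict:
    """Runs the three interesting certificates against host 'victim.example'.
    Certificates are constructed for this example."""
    target = "victim.example"
    # 1. Normal attacker cert: SAN names attacker hosts, CN names the victim.
    normal = Cert("victim.example", ["attacker.example"])
    # 2. Same CN, but enough SAN entries to exceed the assumed buffer.
    oversized = Cert("victim.example", ["attacker.example"] * 20)
    # 3. Legacy CN-only cert with no SAN at all.
    cn_only = Cert("victim.example")
    return {
        "normal": (vulnerable_check(normal, target), hardened_check(normal, target)),
        "oversized": (vulnerable_check(oversized, target), hardened_check(oversized, target)),
        "cn_only": (vulnerable_check(cn_only, target), hardened_check(cn_only, target)),
    }


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name:10s} vulnerable={vuln!s:5s} hardened={hard!s:5s}")
```

The oversized case is the one that matters: the vulnerable matcher accepts the certificate for victim.example purely on the strength of its CN, while the hardened matcher rejects it. The CN-only case shows why a naive "never use CN" rule is not the fix either; legacy CN-only certificates still exist, and the correct rule is to ignore the CN only when a SAN is present.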
How can this vulnerability impact me?
Any client built on an affected gnutls that verifies server hostnames is exposed: a remote attacker holding a certificate whose CN names your target host, and whose SAN is oversized, can pass the name check that should have rejected it.
In practice that enables spoofing, where the attacker's endpoint is accepted as the trusted server, and man-in-the-middle attacks, where the attacker sits between client and server and can read or alter the traffic.
Because the flaw is in name matching rather than chain validation, the attacker's certificate still has to chain to a CA the client trusts; a compromised or misconfigured private CA, or an attacker who can position themselves on the network path, is the realistic setting. Updating gnutls to a release that fails closed on unprocessable SANs is the fix; the version range above is listed as "*" and should be checked against the vendor advisory for the exact affected and fixed versions.