PT-2026-37378 · Gnutls+2

Bzimport · Published 2026-04-29 · Updated 2026-05-27 · CVE-2026-42011

CVSS v3.1: 7.4 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

gnutls versions prior to 3.8.13-1.1

Description

A flaw exists where permitted name constraints are incorrectly ignored when previous Certificate Authorities (CAs) only have excluded name constraints. A remote attacker can exploit this to bypass critical name constraint checks during certificate validation, which may lead to the acceptance of invalid certificates and enable spoofing or man-in-the-middle attacks.

Recommendations

Update to version 3.8.13-1.1.
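
The constraint combination the Description refers to, as an added example (not GnuTLS code and not taken from this advisory): a simplified model of RFC 5280 dNSName constraint accumulation, in which a permitted subtree is still enforced when an earlier CA in the chain carried only excluded subtrees. The CA names, domains and the `check_chain` helper are constructed for illustration, and only the leaf certificate's names are checked.

```python
# Added illustration: simplified RFC 5280 dNSName name-constraint processing.
# The chain and all names are constructed sample data, not GnuTLS internals.
from dataclasses import dataclass, field


@dataclass
class CA:
    name: str
    permitted: list = field(default_factory=list)  # permitted dNSName subtrees
    excluded: list = field(default_factory=list)   # excluded dNSName subtrees


def in_subtree(dns_name, subtree):
    """A name matches a dNSName constraint if it equals the constraint or is
    formed by adding labels to its left (RFC 5280, section 4.2.1.10)."""
    n, s = dns_name.lower().rstrip("."), subtree.lower().rstrip(".")
    return n == s or n.endswith("." + s)


def check_chain(chain, leaf_names):
    """Accumulate constraints from trust anchor to issuing CA, then test the
    leaf names. Returns (accepted, reason)."""
    permitted_sets = []  # one entry per CA that declares permitted subtrees
    excluded = []        # union of every CA's excluded subtrees
    for ca in chain:
        # Permitted subtrees apply regardless of what earlier CAs declared,
        # including the case where earlier CAs had excluded subtrees only.
        if ca.permitted:
            permitted_sets.append((ca.name, ca.permitted))
        excluded.extend((ca.name, s) for s in ca.excluded)
    for name in leaf_names:
        for ca_name, sub in excluded:
            if in_subtree(name, sub):
                return False, f"{name} excluded by {ca_name} ({sub})"
        # Intersection semantics: the name must fall inside at least one
        # permitted subtree of every CA that declared any.
        for ca_name, subs in permitted_sets:
            if not any(in_subtree(name, s) for s in subs):
                return False, f"{name} not permitted by {ca_name}"
    return True, "ok"


# Constructed chain: the root carries only an excluded subtree, the
# intermediate carries only a permitted subtree.
SAMPLE_CHAIN = [
    CA("Sample Root", excluded=["internal.example"]),
    CA("Sample Intermediate", permitted=["corp.example"]),
]
```

A chain of this shape, validated before and after the update, is a useful regression case for confirming that the patched library is the one actually loaded.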

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALSA-2026:20611
CVE-2026-42011
ECHO-00BB-2656-B63A
OPENSUSE-SU-2026:10691-1
RHSA-2026:13274
USN-8284-1

Affected Products

Linuxmint
Ubuntu
Gnutls