CVE-2026-42011

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

• CWE-295

• https://access.redhat.com/errata/RHSA-2026:13274
• https://access.redhat.com/errata/RHSA-2026:20611
• https://access.redhat.com/errata/RHSA-2026:20612
• https://access.redhat.com/errata/RHSA-2026:20613
• https://access.redhat.com/errata/RHSA-2026:26319
• https://access.redhat.com/errata/RHSA-2026:26409
• https://access.redhat.com/errata/RHSA-2026:29197
• https://access.redhat.com/errata/RHSA-2026:30004
• https://access.redhat.com/security/cve/CVE-2026-42011
• https://bugzilla.redhat.com/show_bug.cgi?id=2467437
• https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6

Published

May 7, 2026

Last Modified

Jun 26, 2026

Status

Awaiting Analysis