CVE-2026-42012
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A flaw was found in GnuTLS where a remote attacker can present a specially crafted certificate containing URI or SRV Subject Alternative Names (SANs). This causes the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Risk Assessment
The organization is at risk of spoofing attacks where an attacker can impersonate a trusted service, potentially leading to credential theft or interception of confidential user data.
Recommendation
Immediately update GnuTLS to a patched version and review certificate validation configurations in applications using GnuTLS.
Original NVD description (English source)
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

