CVE Catalog

CVE-2026-42012

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

28th percentile - higher than 28% of all known CVEs

Summary

A flaw was found in GnuTLS where a remote attacker can present a specially crafted certificate containing URI or SRV Subject Alternative Names (SANs). This causes the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Risk Assessment

The organization is at risk of spoofing attacks where an attacker can impersonate a trusted service, potentially leading to credential theft or interception of confidential user data.

Recommendation

Immediately update GnuTLS to a patched version and review certificate validation configurations in applications using GnuTLS.

Original NVD description (English source)

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS