Improper Certificate Validation in GnuTLS - CVE-2026-42011

Published: April 30, 2026


Vulnerability identifier: #VU128573
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-42011
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: GnuTLS
Software vendor: GnuTLS

Description

The vulnerability allows a remote attacker to bypass name constraints during certificate validation.

The vulnerability exists due to improper certificate validation in the name constraints handling logic when processing certificate chains. A remote attacker can present a specially crafted certificate chain to bypass name constraints during certificate validation.

The issue occurs because permitted name constraints are ignored when a preceding certificate authority in the chain carries only excluded name constraints, so a later CA's permitted subtrees are never enforced against the certificates below it.
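The description above concerns how a validator accumulates name constraints along a chain. The following is an added illustration, not GnuTLS code and not the advisory's own material: it implements the RFC 5280 section 6.1.4 state update for dNSName constraints (intersect permitted subtrees, union excluded subtrees) and checks every certificate below a constraining CA against the accumulated state. The chain built by `build_chain` is constructed for this example and has the shape the advisory describes: one CA with only excluded constraints followed by one with only permitted constraints. A correct validator must still enforce the second CA's permitted set, so a leaf outside it is rejected; a chain of this shape is a useful regression case for any certificate validation code.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set, Tuple


def dns_matches(name: str, subtree: str) -> bool:
    """dNSName subtree test (RFC 5280 4.2.1.10): 'example.com' covers
    example.com itself and every host below it, e.g. host.example.com."""
    name = name.lower().rstrip(".")
    subtree = subtree.lower().strip(".")
    return name == subtree or name.endswith("." + subtree)


def intersect(a: Set[str], b: Set[str]) -> Set[str]:
    """Intersection of two dNSName permitted-subtree sets: keep the more
    specific subtree where one lies inside the other, nothing otherwise."""
    out: Set[str] = set()
    for x in a:
        for y in b:
            if dns_matches(x, y):      # x lies inside y
                out.add(x)
            elif dns_matches(y, x):    # y lies inside x
                out.add(y)
    return out


@dataclass
class ConstraintState:
    # permitted is None until the first permittedSubtrees is seen on the path
    # ("unconstrained"); afterwards it is the intersection of all of them.
    permitted: Optional[Set[str]] = None
    excluded: Set[str] = field(default_factory=set)

    def apply_ca(self, permitted: Optional[Iterable[str]], excluded: Iterable[str]) -> None:
        """RFC 5280 6.1.4 step (g): a CA's permittedSubtrees narrows the
        permitted set and its excludedSubtrees widens the excluded set.
        An excluded-only CA must leave `permitted` untouched (still None),
        so that a later CA's permitted set is applied in full."""
        if permitted is not None:
            new = set(permitted)
            self.permitted = new if self.permitted is None else intersect(self.permitted, new)
        self.excluded |= set(excluded)

    def allows(self, name: str) -> bool:
        """RFC 5280 6.1.3 steps (b) and (c): a name must not fall in any
        excluded subtree and, once constrained, must fall in a permitted one."""
        if any(dns_matches(name, e) for e in self.excluded):
            return False
        if self.permitted is not None and not any(dns_matches(name, p) for p in self.permitted):
            return False
        return True


def validate_names(chain: list) -> Tuple[bool, str]:
    """chain: list of dicts ordered trust anchor -> leaf. Each dict has
    'names' (dNSNames it asserts) and optionally 'name_constraints' with
    'permitted' (set or None) and 'excluded' (set). A CA's constraints
    apply to every certificate that follows it in the chain."""
    state = ConstraintState()
    for idx, cert in enumerate(chain):
        for name in cert["names"]:
            if not state.allows(name):
                return False, f"cert {idx} name {name!r} violates name constraints"
        nc = cert.get("name_constraints")
        if nc is not None:
            state.apply_ca(nc.get("permitted"), nc.get("excluded", ()))
    return True, "ok"


def build_chain(leaf_name: str) -> list:
    """Constructed chain (hypothetical names): root -> CA1 (excluded only)
    -> CA2 (permitted only) -> leaf with the given dNSName."""
    return [
        {"names": []},                                                     # trust anchor
        {"names": [], "name_constraints": {"excluded": {"blocked.example"}}},
        {"names": [], "name_constraints": {"permitted": {"corp.example"}}},
        {"names": [leaf_name]},                                            # end-entity
    ]


if __name__ == "__main__":
    for leaf in ("app.corp.example", "www.attacker.example", "host.blocked.example"):
        print(leaf, "->", validate_names(build_chain(leaf)))
```

Only `app.corp.example` is accepted: the second leaf is outside CA2's permitted subtree and the third is inside CA1's excluded subtree. The important invariant is in `apply_ca`: an excluded-only CA leaves `permitted` as `None`, which is the "unconstrained" marker, not an empty or "already handled" state, so the next CA's permitted set is adopted rather than skipped.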


Remediation

Install the security update from the vendor's website.

External links