Improper Certificate Validation in GnuTLS - CVE-2026-42011


Published: April 30, 2026


Vulnerability identifier: #VU128573
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-42011
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GnuTLS
Affected software:
GnuTLS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass name constraints during certificate validation.

The vulnerability exists due to improper certificate validation in the name constraints handling logic when processing certificate chains. A remote attacker who controls a certificate issued under a name-constrained CA can present a specially crafted chain whose leaf certificate names a host outside the permitted namespace, and the chain passes validation.

The issue occurs because permitted name constraints (permittedSubtrees) set by a CA are ignored when the CA certificates above it in the chain carry only excluded name constraints (excludedSubtrees). RFC 5280 requires each CA's permitted subtrees to be intersected with the accumulated permitted set regardless of what earlier CAs specified; since they are dropped here, only the excluded subtrees are enforced against the leaf.
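The state-accumulation rule the flaw bypasses, as an added Python model written for this page; it is not GnuTLS source and not part of the original advisory. It implements the RFC 5280 section 6.1.4 handling of permitted (intersection) and excluded (union) dNSName subtrees across a chain, and the `buggy=True` path reproduces only the behaviour this advisory describes, not the actual GnuTLS code path. The chain, CA names and host names are constructed.

```python
"""Model of RFC 5280 name-constraint accumulation (dNSName only).

Constructed example: the CA chain and names below are made up, and the
`buggy` branch models the flaw as described in this advisory, not GnuTLS code.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def dns_matches(name: str, subtree: str) -> bool:
    """True if dNSName `name` lies within the dNSName constraint `subtree`
    (RFC 5280 4.2.1.10: equal, or name ends with '.' + subtree)."""
    n = name.lower().rstrip(".")
    s = subtree.lower().strip(".")
    return n == s or n.endswith("." + s)


@dataclass
class CACert:
    """NameConstraints content of one CA certificate in the chain.
    permitted=None means the certificate carries no permittedSubtrees."""
    subject: str
    permitted: Optional[List[str]] = None
    excluded: List[str] = field(default_factory=list)


def intersect_permitted(current: Optional[List[str]], new: List[str]) -> List[str]:
    """Intersect two permittedSubtrees sets. None means 'unconstrained so far'.
    An empty result means nothing is permitted any more (chain is dead)."""
    if current is None:
        return list(new)
    out: List[str] = []
    for a in current:
        for b in new:
            if dns_matches(b, a):       # b lies inside a: keep the narrower b
                out.append(b)
            elif dns_matches(a, b):     # a lies inside b: keep the narrower a
                out.append(a)
    return out


def accumulate_constraints(chain: List[CACert], buggy: bool = False) -> Tuple[Optional[List[str]], List[str]]:
    """Walk the CA certificates root-first (RFC 5280 6.1.4 step (g)).

    Correct behaviour: permitted subtrees are intersected, excluded subtrees
    are unioned, at every CA. With buggy=True a CA's permittedSubtrees are
    dropped whenever the CAs before it contributed only excludedSubtrees,
    which is the failure mode this advisory describes (modelled, not GnuTLS)."""
    permitted: Optional[List[str]] = None
    excluded: List[str] = []
    for ca in chain:
        if ca.permitted is not None:
            if not (buggy and permitted is None and excluded):
                permitted = intersect_permitted(permitted, ca.permitted)
        excluded.extend(ca.excluded)
    return permitted, excluded


def name_allowed(chain: List[CACert], leaf_dns_name: str, buggy: bool = False) -> bool:
    """Check the leaf's dNSName against the accumulated state (RFC 5280 6.1.3 (b))."""
    permitted, excluded = accumulate_constraints(chain, buggy)
    if any(dns_matches(leaf_dns_name, x) for x in excluded):
        return False
    if permitted is not None and not any(dns_matches(leaf_dns_name, p) for p in permitted):
        return False
    return True


# Constructed chain: the first intermediate carries only excludedSubtrees,
# the second only permittedSubtrees.
CHAIN = [
    CACert("Root CA"),
    CACert("Intermediate A", excluded=["internal.example"]),
    CACert("Intermediate B", permitted=["example.com"]),
]

if __name__ == "__main__":
    for host in ("www.example.com", "host.internal.example", "login.attacker.test"):
        print(f"{host:24} correct={name_allowed(CHAIN, host)!s:5} "
              f"buggy={name_allowed(CHAIN, host, buggy=True)}")
```

Under the correct rule the leaf for `login.attacker.test` is rejected because it falls outside Intermediate B's permitted subtree; under the modelled flaw the permitted set is never recorded, so only the `internal.example` exclusion is enforced and the leaf is accepted. An empty intersection (for example `example.com` followed by `other.org`) correctly permits nothing.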


How to mitigate CVE-2026-42011

Install the security update from the vendor's website.

Sources