{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-29T00:00:00Z",
  "bugzilla" : {
    "description" : "gnutls: gnutls: Security bypass due to incorrect name constraint handling",
    "id" : "2467437",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.", "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems." ],
  "acknowledgement" : "Red Hat would like to thank Haruto Kimura (Stella) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20613",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "gnutls-0:3.8.10-4.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26409",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "gnutls-0:3.8.9-9.el10_0.19"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20611",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "gnutls-0:3.6.16-8.el8_10.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20611",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "gnutls-0:3.6.16-8.el8_10.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20612",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "gnutls-0:3.8.10-4.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-26T00:00:00Z",
    "advisory" : "RHSA-2026:20612",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "gnutls-0:3.8.10-4.el9_8"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-02T00:00:00Z",
    "advisory" : "RHSA-2026:13274",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "gnutls-main-3.8.13-1.hum1",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26319",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:1781525684"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26319",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/haproxy-rhel9:1781525671"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26319",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:1781525693"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26319",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:1781525739"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "gnutls",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "gnutls",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-42011\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-42011" ],
  "name" : "CVE-2026-42011",
  "csaw" : false
}