CVE-2026-42011

ADVISORY - nist

Summary

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

EPSS Score⁠: 0.00021 (0.061)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-42011⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

7.4high

Alpine

CREATED

12 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-42011⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

13 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-42011⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

12 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-42011⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium