CVE-2026-42011

EUVD-2026-28386

07.05.2026, 15:16

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.4 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Debian Releases

Debian Product

Codename

gnutls28

bookworm	vulnerable
bookworm (security)	3.7.9-2+deb12u7 fixed
bullseye	vulnerable
bullseye (security)	3.7.1-5+deb11u10 fixed
forky	3.8.13-1 fixed
sid	3.8.13-1 fixed
trixie	vulnerable
trixie (security)	3.8.9-3+deb13u4 fixed

openSUSE / SLES Releases

openSUSE Product

Release

gnutls

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed

gnutls-guile

suse enterprise server 15 SP5

3.7.3-150400.4.59.1

fixed

libgnutls-devel

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed

libgnutls30

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed

libgnutls30-32bit

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed

libgnutls30-hmac

suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed

libgnutls30-hmac-32bit

suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed

libgnutlsxx-devel

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed

libgnutlsxx28

suse enterprise server 15 SP4	3.7.3-150400.4.59.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.59.1 fixed

libgnutlsxx30

suse enterprise desktop 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.20.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.20.1 fixed