What is CVE-2026-42011?

CVE-2026-42011 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Improper Certificate Validation. CVSS score: 7.4/10. Published 2026-05-07.

How severe is CVE-2026-42011?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Red Hat Enterprise Linux 10

CVE-2026-42011

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypas…

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (3.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Red Hat Enterprise Linux 10 — versions 0:3.8.10-4.el10_2
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:3.6.16-8.el8_10.6
Red Hat Enterprise Linux 9 — versions 0:3.8.10-4.el9_8
Red Hat Hardened Images — versions 3.8.13-1.hum1
Red Hat Openshift Container Platform 4

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2026-42011?: CVE-2026-42011 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Improper Certificate Validation. CVSS score: 7.4/10. Published 2026-05-07.
How severe is CVE-2026-42011?: High severity. CVSS v3 base score is 7.4 out of 10.