Vulnerability in Red Hat Enterprise Linux 10
CVE-2026-42013
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to…
EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.
Affected products
- Red Hat Enterprise Linux 10 — versions 0:3.8.10-4.el10_2
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8 — versions 0:3.6.16-8.el8_10.6
- Red Hat Enterprise Linux 9 — versions 0:3.8.10-4.el9_8
- Red Hat Hardened Images
- Red Hat Openshift Container Platform 4
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2026-42013?
- CVE-2026-42013 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Improper Validation of Specified Quantity in Input. CVSS score: 8.2/10. Published 2026-05-26.
- How severe is CVE-2026-42013?
- High severity. CVSS v3 base score is 8.2 out of 10.