vulnerability
Oracle Linux: CVE-2026-42012: ELSA-2026-20611: gnutls security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:P/I:C/A:N) | May 26, 2026 | Jun 4, 2026 | Jun 4, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:P/I:C/A:N)
Published
May 26, 2026
Added
Jun 4, 2026
Modified
Jun 4, 2026
Description
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
Solutions
oracle-linux-upgrade-gnutlsoracle-linux-upgrade-gnutls-coracle-linux-upgrade-gnutls-daneoracle-linux-upgrade-gnutls-develoracle-linux-upgrade-gnutls-utils
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.