GnuTLS Name Constraint Bypass Vulnerability Allowing Certificate Validation Errors

Vulnerability

A vulnerability in GnuTLS allows remote attackers to bypass critical name constraint checks during certificate validation. This issue arises because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. As a result, invalid certificates could be accepted, potentially leading to spoofing or man-in-the-middle attacks on affected systems.
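
The constraint-merging error described above, as an added example: a simplified model written for this page, not GnuTLS source code. The struct, function names, the model_flaw switch and the sample chain are all constructed for illustration, and only dNSName constraints are modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_NC 4

/* Simplified model of one CA's dNSName constraints (NULL-terminated lists). */
struct ca_nc { const char *permitted[MAX_NC]; const char *excluded[MAX_NC]; };

/* Constructed chain: the root only excludes, the intermediate only permits. */
static const struct ca_nc sample_chain[2] = {
    { .permitted = { NULL }, .excluded = { "internal.example" } },
    { .permitted = { "corp.example" }, .excluded = { NULL } },
};

/* True if name equals base or is a subdomain of it (names assumed lowercase). */
static bool dns_within(const char *name, const char *base)
{
    size_t n = strlen(name), b = strlen(base);
    if (n < b || strcmp(name + n - b, base) != 0)
        return false;
    return b == 0 || n == b || name[n - b - 1] == '.';
}

static bool in_list(const char *name, const char *const *list)
{
    for (size_t i = 0; i < MAX_NC && list[i]; i++)
        if (dns_within(name, list[i]))
            return true;
    return false;
}

/* Walk the chain root-first: no excluded list may match, every permitted list must.
 * model_flaw (assumption) drops a permitted list when earlier CAs only excluded. */
bool name_allowed(const struct ca_nc *chain, size_t n, const char *name, bool model_flaw)
{
    bool seen_perm = false, seen_excl = false;
    for (size_t i = 0; i < n; i++) {
        bool has_perm = chain[i].permitted[0] != NULL;
        bool skip = model_flaw && seen_excl && !seen_perm;
        if (in_list(name, chain[i].excluded))
            return false;
        if (has_perm && !skip && !in_list(name, chain[i].permitted))
            return false;
        seen_perm = seen_perm || (has_perm && !skip);
        seen_excl = seen_excl || chain[i].excluded[0] != NULL;
    }
    return true;
}
```

With the constructed chain, www.other.example is rejected by the correct walk and accepted when model_flaw is set. A chain of this shape is the case a regression test for a patched validator should cover.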

Impact

Exploitation of this vulnerability could allow an attacker to spoof a trusted entity by manipulating the communication path, causing the system to accept invalid certificates from what it believes to be trusted sources.

Added: May 7, 2026, 3:31 PM
Updated: May 7, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 7.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.