CVE•Published 2026-05-26•Modified 2026-06-02•1 article on news•5 live references•NVD data
CVE-2026-42013
Vulnerability data via NVD (ingested)
CVSS v3.1
8.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS percentile
—
Weaknesses (CWE)
Description
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
Timeline
Published 2026-05-26
Modified 2026-06-02
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-42013
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-42013
Censys host search filtered to this CVE id.
grep.app
CVE-2026-42013
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-42013
GitHub code search for direct mentions.
Google dork
"CVE-2026-42013" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2026-42013: 8 repos
Mr-xn/Penetration_Testing_POC (HTML)
POCs, EXPs, scripts, privilege escalation, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
Threekiii/Awesome-POC (Java)
A vulnerability PoC knowledge base. A knowledge base for vulnerability PoCs (Proof of Concept), with 1k+ vulnerabilities.
0xsyr0/OSCP (PowerShell)
OSCP Cheat Sheet
GhostTroops/TOP (Shell)
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
Ostorlab/KEV (unknown)
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
minalhassan/TRYHACKME-Free-Rooms (unknown)
Tryhackme free rooms with links
marvang/ctf-agent (Python)
LLM-agent designed for penetration testing and autonomously solving CTF challenges. Includes CHAP for intelligent context handoffs during long-running engagements.
marvang/chap (Python)
Research artifact. Autonomous offensive security on long-horizon tasks with CHAP: Context Handoff for Autonomous Penetration testing. Includes up-to-date and improved AutoPenBench …