CVE-2026-33810
highCVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
Low
Availability
Low
Published: April 8, 2026 (93 days ago)
Last Modified: April 8, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
CWE
CWE-1289Affected Products
Assisted Installer for Red Hat OpenShift Container Platform 2cert-manager Operator for Red Hat OpenShiftCompliance OperatorConfidential Compute AttestationCustom Metric Autoscaler operator for Red Hat OpenshiftDeployment Validation OperatorExternalDNS OperatorExternal Secrets Operator for Red Hat OpenShiftFence Agents Remediation OperatorFile Integrity Operator