CVE-2026-33810

high Red Hat
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 98% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
Low
Availability
Low
Published: April 8, 2026 (93 days ago)
Last Modified: April 8, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CWE

CWE-1289

Affected Products

Assisted Installer for Red Hat OpenShift Container Platform 2cert-manager Operator for Red Hat OpenShiftCompliance OperatorConfidential Compute AttestationCustom Metric Autoscaler operator for Red Hat OpenshiftDeployment Validation OperatorExternalDNS OperatorExternal Secrets Operator for Red Hat OpenShiftFence Agents Remediation OperatorFile Integrity Operator

Fix Status

✅ Fix Available

References