{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-42790/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-42790"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-42790","certificate-validation","hostname-verification","tls"],"_cs_type":"threat","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-42790 is a security vulnerability affecting Microsoft products. The vulnerability stems from a flaw in public key hostname verification where name constraints DNS bypass can occur due to a fallback to the subject\u0026rsquo;s CommonName. This could potentially allow an attacker to bypass intended security restrictions. The specific products affected and the exact mechanisms of exploitation are not detailed in the initial advisory. Defenders should monitor for unusual certificate validation behavior and apply relevant patches from Microsoft as they become available.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the limited information available, a detailed attack chain cannot be provided. However, a general outline based on the vulnerability description is:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAttacker obtains a certificate that bypasses name constraints due to CommonName fallback.\u003c/li\u003e\n\u003cli\u003eAttacker uses the crafted certificate in a TLS handshake.\u003c/li\u003e\n\u003cli\u003eThe vulnerable Microsoft product attempts to verify the hostname.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability, the hostname verification falls back to the CommonName.\u003c/li\u003e\n\u003cli\u003eThe CommonName is improperly validated, allowing the bypass.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully establishes a connection impersonating a legitimate service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-42790 could lead to a bypass of security restrictions, potentially allowing an attacker to impersonate legitimate services or perform man-in-the-middle attacks. The specific impact depends on the affected Microsoft product and how it utilizes certificate validation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for TLS connections using certificates with unusual CommonName attributes (reference vulnerability description).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules below to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eFollow Microsoft\u0026rsquo;s security update guide for CVE-2026-42790 and apply patches as soon as they are released.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-31T07:26:38Z","date_published":"2026-05-31T07:26:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-42790/","summary":"CVE-2026-42790 is a vulnerability in Microsoft products related to name constraints DNS bypass via subject CommonName fallback in public_key hostname verification.","title":"CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-42790/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-42790","version":"https://jsonfeed.org/version/1.1"}