CVE-2026-9648
MEDIUM6.8crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints
Description
# crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The `crypton-x509-validation` and `crypton-x509` libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the namespace (permitted and excluded subtrees) for which a CA is authorized to issue certificates. Without this enforcement, a TLS client would accept certificates with Subject Alternative Names (SANs) that fall outside the issuing CA's permitted subtrees. An attacker with access to a name-constrained sub-CA's private key could therefore issue certificates for domains outside the sub-CA's intended scope, enabling impersonation of arbitrary domains and man-in-the-middle attacks on TLS connections. The older `x509` and `x509-validation` packages are also affected but are no longer maintained and have no fix available. This issue was fixed in `crypton-x509-validation-1.9.1` and `crypton-x509-1.9.1`.
Affected packages (4)
- Hackage/crypton-x509>= 1.7.6, < 1.9.1
- Hackage/crypton-x509-validation>= 1.6.12, < 1.9.1
- Hackage/x509>= 1.4.0
- Hackage/x509-validation>= 1.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |