Skip to main content

CVE-2026-34073

LOW
Improper Certificate Validation (CWE-295)
2026-03-27 https://github.com/pyca/cryptography
1.7
CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
1.7 LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
5.2 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 27, 2026 - 20:30 vuln.today
CVE Published
Mar 27, 2026 - 19:56 nvd
LOW 1.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 53 pypi packages depend on cryptography (45 direct, 8 indirect)

Ecosystem-wide dependent count for version 46.0.6.

DescriptionGitHub Advisory

Summary

In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com.

This behavior resulted from a gap between RFC 5280 (which defines Name Constraint semantics) and RFC 9525 (which defines service identity semantics): put together, neither states definitively whether Name Constraints should be applied to peer names. To close this gap, cryptography now conservatively rejects any validation where the peer name would be rejected by a name constraint if it were a SAN instead.

In practice, exploitation of this bypass requires an uncommon X.509 topology, one that the Web PKI avoids because it exhibits these kinds of problems. Consequently, we consider this a medium-to-low impact severity.

See CVE-2025-61727 for a similar bypass in Go's crypto/x509.

Remediation

Users should upgrade to 46.0.6 or newer.

Attribution

Reporter: @1seal

AnalysisAI

DNS name constraint validation bypass in cryptography library versions prior to 46.0.6 allows peer names to bypass X.509 name constraint checks during certificate validation. The vulnerability arises because name constraints were applied only to Subject Alternative Names (SANs) in child certificates but not to the peer name presented during validation, permitting a certificate for bar.example.com to validate against a wildcard leaf certificate (*.example.com) even when an excluded subtree constraint for bar.example.com existed in the parent certificate. Exploitation requires an uncommon X.509 topology not typically present in the Web PKI, and no public exploit code or active exploitation has been identified.

Technical ContextAI

The cryptography library (Python package: cryptography) implements X.509 certificate validation according to RFC 5280 (X.509 PKI Certificate and CRL Profile). The vulnerability stems from an interpretation gap between RFC 5280's Name Constraints semantics (which define restrictions on names appearing in subordinate certificates) and RFC 9525's service identity semantics (which define how to validate a peer name against a certificate). RFC 5280 specifies that name constraints apply to certain name forms within certificates, but neither RFC definitively states whether name constraints should be applied to the peer name itself during each validation operation. The root cause is classified as CWE-295 (Improper Certificate Validation), reflecting the bypass of cryptographic identity validation controls. The fix conservatively applies name constraint validation to peer names as if they were SANs, closing the semantic gap by rejecting any validation where the peer name would fail a name constraint test.

RemediationAI

Users should upgrade the cryptography package to version 46.0.6 or newer. This can be accomplished via package manager commands such as pip install --upgrade cryptography>=46.0.6. No workarounds are available for versions prior to the patched release, as the fix requires code changes to the name constraint validation logic itself. For organizations unable to immediately upgrade, restrict TLS connections to systems and CAs known to use standard Web PKI certificate hierarchies without custom name constraint configurations. Consult the advisory at https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43 for confirmation of patch availability and deployment timelines.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Module for Python 3 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-34073 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy