Skip to main content

Crypton Certificate

1 CVEs product

Monthly

CVE-2026-9648 CRITICAL PATCH Act Now

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

Information Disclosure Crypton Certificate Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

Information Disclosure Crypton Certificate Suse
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy