Description
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
Published: 2026-06-11
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The crypton-x509-validation library, part of the Haskell crypton-certificate toolkit, fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who controls a name‑constrained subordinate CA to sign certificates for domains beyond their intended scope, facilitating domain impersonation and potential credential theft or man‑in‑the‑middle attacks.

Affected Systems

Systems that use the crypton-x509-validation library for TLS certificate validation, particularly those built in Haskell and incorporating the crypton-certificate package, are impacted. The vulnerability applies to versions of crypton-x509-validation that have not integrated the patch referenced in the official advisory, including early releases prior to any applied fixes.

Risk and Exploitability

With a CVSS score of 9.1, the flaw is considered critical. The EPSS score is not available, but the lack of a KEV listing does not diminish the inherent danger of the flaw, as exploitation is straightforward for an attacker controlling a constrained CA. Likely attack vectors involve supplying a malicious certificate to a TLS client that relies solely on crypton-x509-validation for validation, enabling domain spoofing without triggering conventional CA constraints.

Generated by OpenCVE AI on June 11, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade crypton-x509-validation and crypton-certificate to the latest release that contains the NameConstraints enforcement fix.
  • # Verify that the upgrade source is the official repository or a trusted package source.
  • # If an immediate upgrade is infeasible, manually enforce NameConstraints in your client code or reject certificates where the Subject Alternative Name is outside the permitted subtree.

Generated by OpenCVE AI on June 11, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Haskell Programming Language
Haskell Programming Language crypton-certificate
Vendors & Products Haskell Programming Language
Haskell Programming Language crypton-certificate

Thu, 11 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-295

Thu, 11 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Description The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
Title CVE-2026-9648
References

Subscriptions

Haskell Programming Language Crypton-certificate
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-11T15:39:31.210Z

Reserved: 2026-05-26T19:26:04.460Z

Link: CVE-2026-9648

cve-icon Vulnrichment

Updated: 2026-06-11T15:10:30.272Z

cve-icon NVD

Status : Deferred

Published: 2026-06-11T16:16:25.503

Modified: 2026-06-11T21:02:34.917

Link: CVE-2026-9648

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:18:03Z

Weaknesses
  • CWE-295

    Improper Certificate Validation