CVE-2026-34073
Improper DNS Name Constraint Validation in cryptography Package
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cryptography.io | cryptography | to 46.0.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Python cryptography library (versions up to 46.0.5) and involves improper validation of X.509 name constraints on wildcard Subject Alternative Names (SANs) when validating peer names.
Specifically, the library only enforced DNS name constraints against SANs within child certificates but did not apply these constraints to the "peer name" presented during validation. This allowed a peer named, for example, bar.example.com to be validated against a wildcard leaf certificate for *.example.com, even if an excluded subtree constraint for bar.example.com existed in the leafβs parent or ancestor certificates.
The root cause is an ambiguity between RFC 5280 (defining Name Constraint semantics) and RFC 9525 (defining service identity semantics), as neither explicitly requires applying Name Constraints to peer names.
The issue was fixed in cryptography version 46.0.6 by conservatively rejecting any validation where the peer name would be disallowed by a name constraint if treated as a SAN.
How can this vulnerability impact me? :
This vulnerability can allow a peer with a disallowed DNS name (e.g., bar.example.com) to be incorrectly validated against a wildcard certificate (e.g., *.example.com), bypassing excluded subtree constraints defined in parent certificates.
Such improper validation could potentially allow unauthorized entities to impersonate legitimate services within certain certificate hierarchies, leading to man-in-the-middle attacks or other trust violations.
However, exploitation requires an uncommon X.509 certificate hierarchy that is generally avoided by the Web PKI, so the severity is considered medium-to-low.
Users of the affected cryptography versions should upgrade to version 46.0.6 or later to mitigate this risk.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should upgrade the Python cryptography library to version 46.0.6 or later, where the issue has been patched.
This update ensures that DNS name constraints are properly validated against the peer name during certificate validation, preventing improper acceptance of disallowed peer names.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to improper validation of X.509 name constraints in the Python cryptography library versions prior to 46.0.6. Detection involves identifying if your environment is using a vulnerable version of the cryptography package.
To detect if the vulnerable cryptography version is installed, you can run the following command in your Python environment:
- python -c "import cryptography; print(cryptography.__version__)"
If the version is 46.0.5 or earlier, your system is vulnerable. Additionally, to detect exploitation attempts on your network, you would need to monitor for unusual X.509 certificate chains that include excluded subtree constraints with wildcard SANs, but such detection requires deep inspection of TLS handshakes and certificate validation logic, which is uncommon and not straightforward with simple commands.
Therefore, the primary detection method is verifying the cryptography package version and upgrading to 46.0.6 or later.