CVE-2026-9648
Deferred Deferred - Pending Action

X.509 NameConstraints Bypass in crypton-x509-validation

Vulnerability report for CVE-2026-9648, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: CERT/CC

Description

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-07-01
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
crypton crypton-x509-validation 1.9.1
crypton crypton-certificate *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in the crypton-x509-validation library allows attackers to impersonate domains beyond the intended scope by bypassing X.509 NameConstraints enforcement. This can lead to unauthorized interception of TLS sessions and exposure of sensitive data, including credentials and financial information.

Such unauthorized access and data exposure can compromise the confidentiality and integrity of sensitive information, which are core requirements under regulations like GDPR and HIPAA. Organizations relying on this library for secure communications, especially in sectors like banking, insurance, and finance, may face compliance risks if the vulnerability is exploited.

Therefore, failure to patch this vulnerability could result in non-compliance with data protection standards that mandate strong cryptographic protections and controls to prevent unauthorized data access.

Executive Summary

The vulnerability exists in the crypton-x509-validation Haskell library, which fails to enforce X.509 NameConstraints during TLS certificate validation.

This flaw allows TLS clients using this library to accept certificates whose Subject Alternative Names fall outside the permitted subtrees defined by the issuing Certificate Authority (CA).

As a result, an attacker who compromises a name-constrained sub-CA can impersonate domains beyond their intended scope, potentially deceiving clients into trusting malicious certificates.

Impact Analysis

Exploiting this vulnerability allows attackers to issue certificates that will be accepted by Haskell TLS clients, enabling impersonation of protected domains.

This can lead to full session visibility for the attacker, allowing them to capture sensitive data such as credentials and financial information.

Industries relying on secure internet connections, like banking, insurance, and financial systems, are particularly at risk.

Although exploitation requires significant setup and victim interaction, the risk is serious for applications using the affected libraries.

Detection Guidance

This vulnerability involves the failure to enforce X.509 NameConstraints in the crypton-x509-validation Haskell library, allowing acceptance of certificates outside permitted subtrees. Detection would involve inspecting TLS connections for certificates issued by sub-CAs that should be constrained but are accepted nonetheless.

Since the issue is specific to Haskell applications using the vulnerable crypton-x509-validation library, detection on a network or system would require monitoring TLS client certificate validation behavior or analyzing certificate chains for improper name constraint enforcement.

No specific detection commands or tools are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update the crypton-x509-validation library to version 1.9.1 or later, where the vulnerability has been fixed by properly enforcing X.509 NameConstraints.

Applications built with the vulnerable library should be rebuilt and redeployed using the patched version to prevent attackers from exploiting the flaw.

Additionally, review your PKI and certificate issuance policies to ensure that delegated sub-CAs are properly constrained and monitor for any suspicious certificates that may have been issued improperly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9648. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart