crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints
The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the namespace (permitted and excluded subtrees) for which a CA is authorized to issue certificates.
Without this enforcement, a TLS client would accept certificates with Subject Alternative Names (SANs) that fall outside the issuing CA's permitted subtrees. An attacker with access to a name-constrained sub-CA's private key could therefore issue certificates for domains outside the sub-CA's intended scope, enabling impersonation of arbitrary domains and man-in-the-middle attacks on TLS connections.
The older x509 and x509-validation packages are also affected but are no longer maintained and have no fix available.
This issue was fixed in crypton-x509-validation-1.9.1 and crypton-x509-1.9.1.
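As an added illustration, not code from crypton-x509 or from the linked fix, the following Python shows the dNSName part of the check that RFC 5280 section 4.2.1.10 requires and that the affected versions skipped: every CA in the chain contributes its permitted and excluded subtrees, and each leaf SAN must fall inside some permitted subtree (when any are present) and outside every excluded one. The sub-CA constraints and SAN list are constructed for the example.

```python
# Added example of RFC 5280 s4.2.1.10 dNSName Name Constraints matching.
# This is illustration code, not the crypton-x509-validation implementation.
from dataclasses import dataclass, field


@dataclass
class NameConstraints:
    """dNSName subtrees taken from one CA certificate's Name Constraints extension."""
    permitted: list[str] = field(default_factory=list)
    excluded: list[str] = field(default_factory=list)


def dns_in_subtree(name: str, subtree: str) -> bool:
    """A DNS name satisfies a subtree if it equals it or is formed by adding
    labels on the left (RFC 5280). Matching is case-insensitive and ignores a
    trailing dot. A subtree with a leading '.' (seen in real certificates)
    is treated as 'proper subdomains only', as common implementations do."""
    n = name.lower().rstrip(".")
    s = subtree.lower().rstrip(".")
    if s.startswith("."):
        return n.endswith(s)
    return n == s or n.endswith("." + s)


def check_dns_names(sans: list[str], chain: list[NameConstraints]) -> list[str]:
    """Return violations for the leaf's dNSName SANs (empty list = pass).
    An empty permitted list imposes no restriction for this name type;
    a non-empty one is satisfied by any single match. Any excluded match fails."""
    violations: list[str] = []
    for san in sans:
        for nc in chain:
            if nc.permitted and not any(dns_in_subtree(san, p) for p in nc.permitted):
                violations.append(f"{san}: not within permitted subtrees {nc.permitted}")
            for ex in nc.excluded:
                if dns_in_subtree(san, ex):
                    violations.append(f"{san}: within excluded subtree {ex}")
    return violations


# Constructed scenario: a sub-CA limited to example.com (with an excluded
# internal zone) issues a leaf whose SANs stray outside that scope.
SUB_CA = NameConstraints(permitted=["example.com"], excluded=["internal.example.com"])
LEAF_SANS = ["www.example.com", "login.example.org", "db.internal.example.com"]


def demo() -> list[str]:
    return check_dns_names(LEAF_SANS, [SUB_CA])


if __name__ == "__main__":
    for v in demo():
        print("reject:", v)
```

A validator that performs this check rejects the constructed leaf on two of its three names; the affected library versions accepted it unconditionally.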
Info
- Published
- June 03, 2026
- Modified
- June 03, 2026
- CAPECs
- < none >
- CWEs
- 295
- Keywords
- x509, pki, tls, mitm, name-constraints
- Aliases
- CVE-2026-9648
- Related
- < none >
- References
- [ADVISORY] https://www.kb.cert.org/vuls/id/862559
- [FIX] https://github.com/kazu-yamamoto/crypton-certificate/pull/30
Affected
@hackage/crypton-x509-validation
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Versions
- >=1.6.12 && <1.9.1
- Declarations
- < none >
@hackage/crypton-x509
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Versions
- >=1.7.6 && <1.9.1
- Declarations
- < none >
@hackage/x509-validation
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Versions
- >=1.4.0
- Declarations
- < none >
@hackage/x509
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- Versions
- >=1.4.0
- Declarations
- < none >