CVE-2026-9648 – CVE-2026-9648

CVE ID :CVE-2026-9648

Published : June 11, 2026, 4:16 p.m. | 1 hour, 3 minutes ago

Description :The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-47181 – PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

CVE-2026-45176 – Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

CVE-2025-30431 – Apple macOS Information Disclosure

CVE-2025-24268 – Apple macOS Directory Traversal