Crypton Certificate

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-9648	Kazu Yamamoto crypton-x509-validation	Cri	0.52	9.1	—		Jun 11, 2026	The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a…

CVE-2026-9648CriJun 11, 2026
Kazu Yamamoto
crypton-x509-validation
risk 0.52cvss 9.1epss —
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a…