PT-2026-46040 · Hackage · Crypto/X509+3

Published: 2026-06-03 · Updated: 2026-06-03 · CVE-2026-9648 · Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints

The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the namespace (permitted and excluded subtrees) for which a CA is authorized to issue certificates.
Without this enforcement, a TLS client would accept certificates with Subject Alternative Names (SANs) that fall outside the issuing CA's permitted subtrees. An attacker with access to a name-constrained sub-CA's private key could therefore issue certificates for domains outside the sub-CA's intended scope, enabling impersonation of arbitrary domains and man-in-the-middle attacks on TLS connections.
The older x509 and x509-validation packages are also affected but are no longer maintained and have no fix available.
This issue was fixed in crypton-x509-validation-1.9.1 and crypton-x509-1.9.1.
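The check this advisory describes as missing, written out as an added Python model (not code from the advisory, from crypton-x509 or from crypton-x509-validation) of the RFC 5280 section 4.2.1.10 rules for dNSName and iPAddress subject alternative names. The data layout (a NameConstraints dataclass, (type, value) pairs, CIDR strings standing in for the address+mask encoding) is this example's own. It evaluates only the leaf's SANs and only those two name forms; a full validator also applies the constraints to the subject distinguished name, rfc822Name and URI names, and to every intermediate CA in the path.

```python
"""Model of X.509 Name Constraints evaluation (RFC 5280 section 4.2.1.10).

Added illustration; not code from the advisory or the crypton-x509 packages.
Supports the dNSName and iPAddress name forms only.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A subject alternative name or a constraint subtree: (name_type, value),
# e.g. ("dns", "www.example.com"), ("ip", "10.0.0.0/8").
Name = Tuple[str, str]


@dataclass
class NameConstraints:
    """Contents of one CA certificate's NameConstraints extension."""
    permitted: List[Name] = field(default_factory=list)
    excluded: List[Name] = field(default_factory=list)


def _dns_in_subtree(name: str, base: str) -> bool:
    """A dNSName satisfies a constraint when it equals the base or is formed
    by adding one or more labels on the left (www.host.example.com is inside
    host.example.com; host1.example.com is not)."""
    name = name.lower().rstrip(".")
    base = base.lower().rstrip(".").lstrip(".")  # tolerate legacy ".example.com"
    return name == base or name.endswith("." + base)


def _ip_in_subtree(addr: str, base: str) -> bool:
    """iPAddress constraints are address+mask pairs; CIDR text here stands in
    for that encoding.  An IPv6 address never falls inside an IPv4 subtree."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(base, strict=False)


_MATCHERS = {"dns": _dns_in_subtree, "ip": _ip_in_subtree}


def _in_any(san: Name, subtrees: List[Name]) -> bool:
    ntype, value = san
    return any(_MATCHERS[ntype](value, base)
               for btype, base in subtrees if btype == ntype)


def check_name_constraints(leaf_sans: List[Name],
                           chain: List[Optional[NameConstraints]]) -> Tuple[bool, str]:
    """Decide whether the leaf's SANs respect every CA's constraints.

    ``chain`` lists the NameConstraints of each CA from the root down to the
    issuer of the leaf (None for a CA without the extension).  Constraints
    are cumulative: each CA's subtrees bind every certificate below it.
    """
    for depth, nc in enumerate(chain):
        if nc is None:
            continue
        constrained = {t for t, _ in nc.permitted} | {t for t, _ in nc.excluded}
        for san in leaf_sans:
            ntype, value = san
            if ntype in constrained and ntype not in _MATCHERS:
                # Fail closed rather than accept a name we cannot evaluate.
                return False, f"cannot evaluate {ntype} constraints of CA #{depth}"
            # Excluded subtrees win regardless of permitted subtrees.
            if _in_any(san, nc.excluded):
                return False, f"{ntype}:{value} lies in an excluded subtree of CA #{depth}"
            # Permitted subtrees bind only the name types they mention; a
            # type absent from permittedSubtrees stays unconstrained.
            if any(t == ntype for t, _ in nc.permitted) and not _in_any(san, nc.permitted):
                return False, f"{ntype}:{value} lies outside the permitted subtrees of CA #{depth}"
    return True, "all SANs satisfy the chain's name constraints"


if __name__ == "__main__":
    # Constructed chain: a root without the extension, then a sub-CA limited
    # to example.com with internal.example.com carved out.
    sub_ca = NameConstraints(permitted=[("dns", "example.com")],
                             excluded=[("dns", "internal.example.com")])
    chain = [None, sub_ca]
    for sans in ([("dns", "www.example.com")],
                 [("dns", "www.example.com"), ("dns", "login.bank.test")],
                 [("dns", "db.internal.example.com")]):
        print(sans, "->", check_name_constraints(sans, chain))
```

The second sample input is the situation the advisory describes: a certificate issued by a sub-CA constrained to example.com that also carries a SAN outside that subtree. A client that applies the extension rejects the chain on that SAN alone; a client that ignores the extension, as the affected versions did, accepts it and trusts the sub-CA for any name.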

Related Identifiers

CVE-2026-9648
HSEC-2026-0008

Affected Products

Crypto/X509
Crypton-X509-Validation
X509
X509-Validation