CVE Catalog

CVE-2026-10592

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.

Risk Assessment

The risk involves the potential acceptance of invalid certificates, which could lead to trust breaches and man-in-the-middle attacks.

Recommendation

It is recommended to immediately update certificate management systems and verify the correct implementation of name constraints for certificates with wildcard DNS SANs.

Original NVD description (English source)

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS