CVE Catalog

CVE-2026-6731

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

3th percentile — higher than 3% of all known CVEs

Summary

Vulnerability allows bypassing X.509 name constraints via the Subject Common Name treated as a DNS-type name. A certificate whose CN violates an issuing CA's DNS name constraints could be accepted.

Risk Assessment

An attacker can exploit this flaw to have a certificate with an unauthorized domain name accepted, leading to impersonation of trusted sites and communication interception.

Recommendation

Update the software to the latest patched version. As a temporary measure, restrict trust in certificates with unverified DNS name constraints.

Original NVD description (English source)

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS