CVE-2026-6731
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
Vulnerability allows bypassing X.509 name constraints via the Subject Common Name treated as a DNS-type name. A certificate whose CN violates an issuing CA's DNS name constraints could be accepted.
Risk Assessment
An attacker can exploit this flaw to have a certificate with an unauthorized domain name accepted, leading to impersonation of trusted sites and communication interception.
Recommendation
Update the software to the latest patched version. As a temporary measure, restrict trust in certificates with unverified DNS name constraints.
Original NVD description (English source)
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

