VU#862559: crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints
A significant vulnerability has been discovered in the Haskell TLS software stack affecting applications built with the Haskell programming language. The specific library "crypton-x509-validation" fails to enforce the NameConstraints security feature. NameConstraints, defined in RFC 5280, are crucial for controlling which domains a certificate authority can issue certificates for. This oversight allows an attacker who compromises a sub-CA to issue certificates for domains beyond their intended scope. Consequently, these malicious certificates will be accepted by any vulnerable Haskell TLS connection. This enables an attacker to gain full visibility into encrypted sessions. The impact of this vulnerability can lead to the theft of sensitive financial information and credentials. Industries utilizing delegated Public Key Infrastructure structures are particularly at risk. Versions prior to 1.9.1 of crypton-x509-validation are affected. A fix is available in version 1.9.1 of the crypton-x509-validation library. Users are strongly advised to update to the patched version immediately to mitigate this security risk. The vulnerability is tracked as CVE-2026-9648.