CVE-2026-6731 | THREATINT

Description

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.

PUBLISHED Reserved 2026-04-20 | Published 2026-06-25 | Updated 2026-06-26 | Assigner wolfSSL

MEDIUM: 6.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unaffected

3.9.10 (semver)

affected

Credits

d0sf3t (Aradex) finder

References

github.com/wolfSSL/wolfssl/pull/10223 patch

www.wolfssl.com/docs/security-vulnerabilities/

cve.org (CVE-2026-6731)

nvd.nist.gov (CVE-2026-6731)

Download JSON