Listen to this Post
The vulnerability stems from the `webpki` library’s mishandling of the X.509 `nameConstraints` extension for Uniform Resource Identifier (URI) names. The library incorrectly accepts certificates that violate URI name constraints because it completely ignores these constraints during validation. As a result, a certificate with a URI that should be rejected (e.g., a URI outside an allowed set) is accepted as valid, bypassing the intended restriction.
This flaw is rooted in two implementation gaps: First, the library does not provide an API for asserting URI names at all. Second, URI name constraints are otherwise not implemented. Consequently, when processing a certificate containing a `nameConstraints` extension that restricts URI names, the library simply skips the check, effectively ignoring the constraint. The vulnerability only becomes reachable after the certificate has successfully passed signature verification, because name constraints are restrictions on otherwise properly-issued certificates. Exploitation therefore requires misissuance: an attacker must obtain or forge a certificate that would normally be restricted by URI name constraints but is still signed by a trusted certificate authority. Because URI certificates are not permitted in the public Web PKI, the impact is limited to users of private PKIs that make use of URIs.
The fix, applied in versions 0.103.12 and 0.104.0-alpha.6, rejects URI name constraints unconditionally, closing the bypass.
DailyCVE Form:
Platform: rustls-webpki
Version: 0.101.0-0.103.11
Vulnerability: nameConstraints bypass
Severity: Low
date: 2026-04-15
Prediction: 2026-04-22
Analytics under What Undercode Say:
Count vulnerable packages in a Cargo.lock grep -E "name = \"rustls-webpki\"" Cargo.lock -A 1 | grep "version = \"0.10" | wc -l Check for usage of URI name constraints in certificates openssl x509 -in cert.pem -text -noout | grep -A5 "X509v3 Name Constraints" | grep -i "URI" Audit a Rust project for vulnerable webpki versions cargo tree | grep rustls-webpki
Exploit:
- Obtain a certificate with a `nameConstraints` extension restricting allowed URIs, but which contains a URI outside the permitted set.
- The `webpki` library (vulnerable version) will validate the certificate because it ignores the URI constraint.
- The attacker can now present this certificate to any application using the vulnerable `webpki` library for TLS client or server authentication, bypassing the intended restriction.
Protection from this CVE:
- Upgrade `rustls-webpki` to version 0.103.12 or later, or 0.104.0-alpha.6 or later.
- If upgrade is not immediately possible, avoid using private PKIs that rely on URI name constraints.
- In Cargo.toml, pin the version to a patched release:
rustls-webpki = "=0.103.12"
- Run `cargo update -p rustls-webpki` to pull the patched version.
Impact:
- Confidentiality: Low – An attacker could present a certificate that bypasses URI name restrictions, potentially leading to acceptance of certificates that should be rejected. However, URI certificates are not used in the public Web PKI.
- Integrity: Low – The vulnerability requires misissuance of a certificate; it does not allow forging signatures or breaking cryptographic protections.
- Availability: None – The issue does not cause denial of service.
- Scope: Limited to private PKI deployments that use URI names in certificates. Public web PKI (TLS for HTTPS) is unaffected.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

