Listen to this Post
Permitted subtree name constraints for DNS names were incorrectly accepted for certificates that assert a wildcard name. In X.509 PKI, name constraints restrict which DNS names a certificate can vouch for. When a CA issues a certificate with a wildcard SAN (e.g., .example.com), the name‑constraint enforcement logic must verify that every name matched by the wildcard falls within the permitted subtree. The vulnerability arises because the constraint `accept.example.com` (a permitted subtree) was considered satisfied by a certificate that holds .example.com. Because `.example.com` matches any subdomain of `example.com` (including reject.example.com), the certificate would be accepted even though `reject.example.com` lies outside the intended permitted subtree. The bug is reachable only after signature verification and requires a misissued certificate – i.e., a certificate that should have been rejected by name constraints but is mistakenly accepted. This flaw is similar to CVE‑2025‑61727 in Go’s crypto/x509. Attackers could exploit it to impersonate services outside the allowed name space, effectively bypassing the security boundaries enforced by name constraints.
dailycve form:
Platform: rustls-webpki
Version: 0.101.0‑0.103.11, 0.104.0‑alpha.1‑alpha.5
Vulnerability: name‑constraints bypass
Severity: Low
date: Apr 15, 2026
Prediction: Already patched (Apr 16, 2026)
What Undercode Say:
Check current rustls-webpki version cargo tree | grep rustls-webpki Verify if a version is vulnerable (example for >=0.101.0,<0.103.12) cargo audit | grep RUSTSEC-2026-0099 Remediation: update to patched version cargo update -p rustls-webpki --precise 0.103.12 or for alpha track: --precise 0.104.0-alpha.6
Exploit:
A malicious CA issues a leaf certificate with a wildcard SAN .example.com. A name constraint `accept.example.com` is present in the chain. The vulnerable code accepts the certificate, allowing the wildcard to match reject.example.com, which is outside the permitted subtree. An attacker can then present this certificate for `reject.example.com` and have it validated incorrectly.
Protection from this CVE
Upgrade to `rustls-webpki` 0.103.12 or 0.104.0‑alpha.6 (or later). No configuration changes are required; the fix is in the library’s name‑constraint verification logic.
Impact
Bypass of DNS name constraints, enabling a misissued certificate to be accepted for names that should be rejected. This can lead to impersonation of services outside the intended trust boundary, potentially facilitating man‑in‑the‑middle attacks or unauthorized access in PKI‑enforced environments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

