Haskell TLS flaw allows forged certificates, CVE-2026-9648

A serious vulnerability in the Haskell TLS library (CVE-2026-9648) poses risks to secure communications in finance and enterprise systems. The flaw stems from the crypton-x509-validation library's failure to enforce X.509 NameConstraints, allowing attackers to forge trusted certificates. This vulnerability has a high CVSS score of 9.1 and enables unauthorized certificate issuance, leading to potential credential theft and exposure of sensitive information. While exploitation requires significant setup, all prior library versions are affected. Users are advised to upgrade to version 1.9.1 to mitigate risks.
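To make concrete what "failure to enforce X.509 NameConstraints" means for a validator, the following added example (written for this page, not code from the Haskell TLS library or crypton-x509-validation) implements the dNSName part of the RFC 5280 name-constraint check over a constructed chain. The root, the constrained partner CA, the leaf certificates and every hostname in it are invented for illustration; a real validator would take these fields from the parsed certificates rather than from dataclasses. It shows why a leaf for a name outside a subordinate CA's permitted subtree must be rejected even though its signature chain is otherwise valid, which is exactly the decision a validator that skips the extension gets wrong.

```python
"""
dNSName NameConstraints check in the style of RFC 5280 section 4.2.1.10 / 6.1.4.
Added illustration, not code from the Haskell TLS library; all certificates,
CA names and hostnames below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class NameConstraints:
    """dNSName subtrees carried by one CA's NameConstraints extension."""
    permitted: List[str] = field(default_factory=list)
    excluded: List[str] = field(default_factory=list)


@dataclass
class Cert:
    """Only the fields this check needs (constructed, not parsed from DER)."""
    subject: str
    dns_names: List[str] = field(default_factory=list)      # subjectAltName dNSName values
    constraints: Optional[NameConstraints] = None           # present on constrained CAs only


def dns_in_subtree(name: str, subtree: str) -> bool:
    """RFC 5280: a dNSName satisfies a subtree when it equals it or is formed by
    adding labels on the left ("www.host.example.com" satisfies "host.example.com",
    "host1.example.com" does not). A leading-dot subtree (".example.com") is read
    as subdomains-only, the interpretation most implementations apply to that form."""
    name, subtree = name.lower().rstrip("."), subtree.lower().rstrip(".")
    if subtree.startswith("."):
        return name.endswith(subtree)
    return name == subtree or name.endswith("." + subtree)


def violated_constraints(chain: List[Cert]) -> List[str]:
    """Walk the chain root-first. Every certificate below a constrained CA must have
    all of its dNSNames inside that CA's permitted subtrees (when any are given)
    and outside all of its excluded subtrees. Returns a description of each
    violation; an empty list means the names are allowed by every CA above them."""
    problems: List[str] = []
    for i, ca in enumerate(chain[:-1]):
        nc = ca.constraints
        if nc is None:
            continue
        for later in chain[i + 1:]:
            for name in later.dns_names:
                if nc.permitted and not any(dns_in_subtree(name, s) for s in nc.permitted):
                    problems.append(f"{name}: not within permitted subtrees of {ca.subject}")
                if any(dns_in_subtree(name, s) for s in nc.excluded):
                    problems.append(f"{name}: within excluded subtree of {ca.subject}")
    return problems


# Constructed chain: an unconstrained root and a subordinate CA that may only
# certify names under partner.example (and nothing under internal.partner.example).
ROOT = Cert("Constructed Root CA")
PARTNER_CA = Cert(
    "Constructed Partner CA",
    constraints=NameConstraints(permitted=["partner.example"],
                                excluded=["internal.partner.example"]),
)


def check_legit_leaf() -> List[str]:
    """Names inside the permitted subtree: no violations."""
    leaf = Cert("legitimate leaf", dns_names=["www.partner.example", "api.partner.example"])
    return violated_constraints([ROOT, PARTNER_CA, leaf])


def check_forged_leaf() -> List[str]:
    """A leaf that also claims a name outside the partner's subtree. The signature
    chain is fine; only the NameConstraints check catches it."""
    leaf = Cert("out-of-scope leaf", dns_names=["login.bank.example", "www.partner.example"])
    return violated_constraints([ROOT, PARTNER_CA, leaf])


def check_excluded_leaf() -> List[str]:
    """Inside the permitted subtree but also inside an excluded one: still rejected."""
    leaf = Cert("excluded leaf", dns_names=["db.internal.partner.example"])
    return violated_constraints([ROOT, PARTNER_CA, leaf])


if __name__ == "__main__":
    for fn in (check_legit_leaf, check_forged_leaf, check_excluded_leaf):
        print(f"{fn.__name__}: {fn() or 'OK'}")
```

The chain-walk matters as much as the string match: constraints set by a CA apply to every certificate beneath it, including intermediates, and a validator that verifies signatures and then returns without consulting the extension accepts the second leaf above just as readily as the first.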
Article by CyberSIXT