CVE-2026-34073

low Red Hat
CVSS v3 Base Score
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: March 31, 2026 (44 days ago)
Last Modified: March 31, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the `cryptography` library. This vulnerability occurs because DNS (Domain Name System) name constraints were not properly validated against the "peer name" during certificate validation, only against Subject Alternative Names (SANs) within child certificates. This oversight could allow a malicious actor to bypass security restrictions, enabling a certificate for a specific domain to be validated against a broader wildcard certificate, even when an exclusion for that specific domain exists. This could lead to an attacker impersonating a legitimate server or service.

CWE

CWE-295

Affected Products

Lightspeed CoreOpenShift LightspeedPen Drive Powered by Red Hat LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform Ansible Core 2Red Hat Discovery 2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com