rustls-webpki Flaws Expose TLS Libraries to Panic, Certificate Validation Bypass Risks

A security audit has identified three vulnerabilities in rustls-webpki, a widely deployed Rust library that handles X.509 certificate validation for TLS implementations. The findings, catalogued under RUSTSEC-2026-0104 and RUSTSEC-2026-0098, reveal critical flaws in certificate revocation list (CRL) parsing and URI name constraint enforcement—components central to secure TLS handshake verification.

The most severe issue, RUSTSEC-2026-0104, allows a reachable panic when parsing certificate revocation lists through `BorrowedCertRevocationList::from_der` or `OwnedCertRevocationList::from_der`. The vulnerability stems from mishandling syntactically valid but empty `BIT STRING` values within the `onlySomeReasons` element of an `IssuingDistributionPoint` CRL extension. Critically, this panic occurs before signature verification completes, meaning an unauthenticated actor could trigger denial of service by presenting a malformed CRL. Only applications actively using CRL functionality are affected. Patches have been released in versions >=0.103.13, <0.104.0-alpha.1, and >=0.104.0-alpha.7, with credit attributed to researcher @tynus3.

The second flaw, RUSTSEC-2026-0098, involves incorrect acceptance of name constraints for URI names. The vulnerability allowed URI-based name constraints to be silently ignored during certificate validation, potentially permitting certificates that should have been rejected under defined policy constraints. This type of bypass could enable man-in-the-middle scenarios or unauthorized certificate usage in systems relying on strict URI-based restrictions.

The discovery raises concerns for the broader Rust TLS ecosystem, as rustls-webpki serves as a foundational component for multiple implementations. Systems handling CRL validation or enforcing URI-based certificate policies should prioritize updates immediately. Given the pre-authentication nature of the CRL parsing panic, organizations with publicly accessible TLS services face elevated exposure to targeted denial-of-service attempts.