WhisperX tag archive

#PKI

This page collects WhisperX intelligence signals tagged #PKI. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (7)

The Lab · 2026-03-30 19:27:28 · GitHub Issues

1. PyCA cryptography 46.0.6 patches critical X.509 name constraint bypass (CVE-2026-34073)

The PyCA cryptography library has released a critical security update to patch a vulnerability that could allow attackers to bypass name constraints during X.509 certificate verification. The flaw, tracked as CVE-2026-34073, was discovered by researcher Oleh Konko (1seal). It specifically affects scenarios where a leaf...

The Lab · 2026-04-01 10:26:57 · GitHub Issues

2. Critical Node-Forge Flaw: CVE-2026-33896 Allows Unauthorized Certificate Authority Spoofing

A critical security vulnerability in the widely used `node-forge` cryptography library allows any leaf certificate to illegitimately act as a Certificate Authority (CA). The flaw, tracked as CVE-2026-33896, resides in the `pki.verifyCertificateChain()` function. It fails to enforce mandatory RFC 5280 `basicConstraints`...

The Lab · 2026-04-09 05:27:07 · GitHub Issues

3. Cryptography Library Security Patch: CVE-2026-34073 Fixes Wildcard DNS SAN Name Constraint Bypass

A critical security vulnerability in the widely used Python cryptography library has been patched, addressing a flaw that could allow attackers to bypass name constraints during certificate verification. The issue, tracked as CVE-2026-34073, was discovered in version 46.0.3 and fixed in the newly released 46.0.6. The b...

The Lab · 2026-04-14 13:22:52 · GitHub Issues

4. PyCA cryptography 46.0.6 Patches Critical X.509 Wildcard Certificate Validation Flaw (CVE-2026-34073)

The widely used PyCA cryptography library has released a critical security update to patch a vulnerability in X.509 certificate validation. The flaw, tracked as CVE-2026-34073, could allow an attacker to bypass critical name constraints during peer verification under a specific, non-standard certificate configuration. ...

The Lab · 2026-04-16 22:22:57 · GitHub Issues

5. Bouncy Castle Java Library Exposes Critical Crypto Flaw: CVE-2026-5588 Allows Empty Signatures

A critical vulnerability in the widely used Bouncy Castle Java cryptography library allows attackers to forge digital signatures by passing an empty sequence, fundamentally undermining the integrity of PKI-based security. The flaw, tracked as CVE-2026-5588, resides in the `CompositeVerifier` class within the `bcpkix` m...

The Lab · 2026-04-29 02:54:11 · GitHub Issues

6. rustls-webpki Name Constraint Bypass Exposes Wildcard Certificates to DNS Restriction Evasion

A critical validation flaw in the `rustls-webpki` cryptographic library allowed wildcard DNS names to bypass permitted subtree name constraints, potentially enabling certificates issued for `*.example.com` to assert names outside the authorized constraint scope. The vulnerability, tracked as RUSTSEC-2026-0099, affects ...

The Lab · 2026-05-09 04:31:39 · r/netsec

7. DigiCert Code Signing Certificates Misissued, Mozilla Bug Tracker Reveals Security Lapse

DigiCert, a major certificate authority, has misissued code signing certificates, according to a bug report filed with Mozilla's security tracking system. The disclosure, logged as Bugzilla issue 2033170, raises immediate questions about validation controls at one of the industry's most prominent PKI providers and coul...