1. rustls-webpki Name Constraint Bypass Exposes Wildcard Certificates to DNS Restriction Evasion
A critical validation flaw in the `rustls-webpki` cryptographic library allowed wildcard DNS names to bypass permitted subtree name constraints, potentially enabling certificates issued for `*.example.com` to assert names outside the authorized constraint scope. The vulnerability, tracked as RUSTSEC-2026-0099, affects ...