Vulnerability Details CVE-2026-33810
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.2%
CVSS Severity
CVSS v3 Score 8.2
References