CVE-2026-10592 describes a vulnerability where certificates containing wildcard DNS SANs bypass the name-constraint checks enforced by the issuing Certificate Authority. Name constraints are intended to restrict the DNS names a CA can issue certificates for, but due to this flaw, certificates with wildcard DNS SANs that violate these constraints may be accepted. This undermines the trust model of certificate issuance by allowing potentially unauthorized wildcard certificates to be trusted.

The impact is that a certificate with a wildcard DNS SAN that should have been rejected by the CA's name constraints could be accepted, potentially allowing misuse of certificates for unauthorized domains. This can weaken the security guarantees provided by the CA infrastructure, possibly enabling impersonation or man-in-the-middle attacks if exploited. However, no known exploits are reported in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is available, organizations should monitor vendor advisories for updates. There are no vendor advisories indicating that no action is required or that the issue is already mitigated.