7.5

CVE-2026-27137

Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangGo Version1.26.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.445
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://go.dev/cl/752182
Mailing List
https://go.dev/issue/77952
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2445345
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json
https://access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:10225
https://access.redhat.com/errata/RHSA-2026:10250
https://access.redhat.com/errata/RHSA-2026:14879
https://access.redhat.com/errata/RHSA-2026:19132
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:22450
https://access.redhat.com/errata/RHSA-2026:22714
https://access.redhat.com/errata/RHSA-2026:22937
https://access.redhat.com/errata/RHSA-2026:23228
https://access.redhat.com/errata/RHSA-2026:28047
https://access.redhat.com/errata/RHSA-2026:5110
https://access.redhat.com/errata/RHSA-2026:5549
https://access.redhat.com/errata/RHSA-2026:7291
https://access.redhat.com/errata/RHSA-2026:8151
https://access.redhat.com/errata/RHSA-2026:8167
https://access.redhat.com/errata/RHSA-2026:8337
https://access.redhat.com/errata/RHSA-2026:8338
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
Release Notes
https://access.redhat.com/errata/RHSA-2026:10125
https://access.redhat.com/errata/RHSA-2026:10158
https://access.redhat.com/errata/RHSA-2026:10169
https://access.redhat.com/errata/RHSA-2026:10175
https://access.redhat.com/errata/RHSA-2026:10929
https://access.redhat.com/errata/RHSA-2026:11800
https://access.redhat.com/errata/RHSA-2026:13545
https://access.redhat.com/errata/RHSA-2026:19022
https://access.redhat.com/errata/RHSA-2026:19049
https://access.redhat.com/errata/RHSA-2026:19181
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:22423
https://access.redhat.com/errata/RHSA-2026:22862
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/errata/RHSA-2026:26568
https://access.redhat.com/errata/RHSA-2026:26585
https://access.redhat.com/errata/RHSA-2026:29854
https://access.redhat.com/errata/RHSA-2026:8842
https://access.redhat.com/errata/RHSA-2026:9052
https://access.redhat.com/errata/RHSA-2026:9385
https://access.redhat.com/errata/RHSA-2026:9872
https://pkg.go.dev/vuln/GO-2026-4599
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:28038
https://access.redhat.com/errata/RHSA-2026:9697
https://access.redhat.com/errata/RHSA-2026:9698
https://access.redhat.com/errata/RHSA-2026:9699
https://access.redhat.com/security/cve/CVE-2026-27137
https://access.redhat.com/errata/RHSA-2026:36796