7.5

CVE-2026-27137

EPSS 0.02%
Veröffentlicht 06.03.2026 21:28:13
Zuletzt bearbeitet 21.04.2026 14:40:31
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version1.26.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk

Release Notes

https://go.dev/cl/752182

Mailing List

https://go.dev/issue/77952

Issue Tracking

https://pkg.go.dev/vuln/GO-2026-4599

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27137

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27137

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27137

EUVD