5.9

CVE-2026-27138

Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangGo Version1.26.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.267
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
Release Notes
https://go.dev/issue/77953
Issue Tracking
https://go.dev/cl/752183
Mailing List
https://pkg.go.dev/vuln/GO-2026-4600
Vendor Advisory