CVE-2026-27138

Sažetak

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Reference

https://go.dev/cl/752183
https://go.dev/issue/77953
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4600

CVSS

Base:	5.9
Impact:	3.6
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

10-03-2026 - 18:18

Objavljeno

06-03-2026 - 22:16