CVE-2026-27137: Improper Certificate Validation in Standard Library Crypto X509

Severity: 7.5 HIGH (NVD)
EPSS: 0.0% (top 97.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 6; Latest update Mar 10

Description

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

CVEList V5: go_standard_library/crypto_x509, versions 1.26.0-0 to 1.26.1

🔴 Vulnerability Details (4)

GHSA: GHSA-7hfw-r8qc-89v4: When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but di (2026-03-07)
CVEList: Incorrect enforcement of email constraints in crypto/x509 (2026-03-06)
OSV: CVE-2026-27137: When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but di (2026-03-06)
OSV: Incorrect enforcement of email constraints in crypto/x509 (2026-03-06)

📋 Vendor Advisories (3)

Microsoft: Incorrect enforcement of email constraints in crypto/x509 (2026-03-10)
Red Hat: crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (2026-03-06)
Debian: CVE-2026-27137: golang-1.15 - When verifying a certificate chain which contains a certificate containing multi... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-27137 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla: CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (2026-03-06)
CVE-2026-27137 — Improper Certificate Validation | cvebase