CVE-2026-27145
published 2026-06-02


Priority: P337
CVSS 3.1: 6.5 (medium)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:L / A:H
EPSS: 0.65% (46.5th percentile)
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification cost grew quadratically: in proportion to the number of SAN entries multiplied by the number of labels in the hostname. Because x509.Verify validates hostnames before building the certificate chain, this overhead was incurred even for untrusted certificates.

Affected

56 affected ranges (showing 25)

Vendor | Product | Version range | Fixed in
3scale-amp2 | 3scale-rhel7-operator | |
3scale-amp2 | 3scale-rhel9-operator | |
ansible-automation-platform-27 | receptor-rhel9 | |
cert-manager | jetstack-cert-manager-rhel9 | |
compliance | openshift-compliance-operator-bundle | |
compliance | openshift-selinuxd-rhel8 | |
container-tools_rhel8 | buildah | |
container-tools_rhel8 | containernetworking-plugins | |
container-tools_rhel8 | runc | |
container-tools_rhel8 | skopeo | |
container-tools_rhel8 | toolbox | |
devworkspace | devworkspace-rhel9-operator | |
dvo | deployment-validation-rhel8-operator | |
external-secrets-operator | external-secrets-rhel9 | |
go-toolset_rhel8 | golang | |
go_standard_library | crypto_x509 | < 1.25.11 | 1.25.11
go_standard_library | crypto_x509 | >= 1.26.0-0, < 1.26.4 | 1.26.4
jetbrains | toolbox | |
kubernetes | cri-o | |
multiarch-tuning | multiarch-tuning-rhel9-operator | |
multicluster-globalhub | multicluster-globalhub-agent-rhel9 | |
network-observability | network-observability-cli-rhel9 | |
node-healthcheck-operator-tech-preview | node-healthcheck-operator-rhel8 | |
node-healthcheck-operator-tech-preview | node-healthcheck-rhel8-operator | |
oadp | oadp-velero-rhel9 | |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
vendor_redhat | | 6.5 | MEDIUM |