Go Standard Library Crypto X509 vulnerabilities

CVE-2026-32281 [HIGH] CVE-2026-32281: Validating certificate chains which use policies is unexpectedly inefficient when certificates in th Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVE-2026-33810 [HIGH] CVE-2026-33810: When verifying a certificate chain containing excluded DNS constraints, these constraints are not co When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVE-2026-32280 [HIGH] CWE-770 CVE-2026-32280: During chain building, the amount of work that is done is not correctly limited when a large number During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

CVE-2026-27137 [HIGH] CVE-2026-27137: When verifying a certificate chain which contains a certificate containing multiple email address co When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

CVE-2026-27138 [MEDIUM] CVE-2026-27138: Certificate verification can panic when a certificate in the chain has an empty DNS name and another Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

CVE-2025-61727 [MEDIUM] CWE-295 CVE-2025-61727: An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

CVE-2025-61729 [HIGH] CWE-295 CVE-2025-61729: Within HostnameError.Error(), when constructing an error string, there is no limit to the number of Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

CVE-2025-58188 [HIGH] CWE-295 CVE-2025-58188: Validating certificate chains which contain DSA public keys can cause programs to panic, due to a in Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

CVE-2025-58187 [HIGH] CWE-407 CVE-2025-58187: Due to the design of the name constraint checking algorithm, the processing time of some inputs scal Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

CVE-2025-22874 [HIGH] CVE-2025-22874: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledp Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

CVE-2025-22865 [HIGH] CVE-2025-22865: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verify Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.

CVE-2024-45341 [MEDIUM] CVE-2024-45341: A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

CVE-2024-24783 [MEDIUM] CWE-476 CVE-2024-24783: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.