ByteOS Network

NVD Vulnerability Details :

CVE-2026-27138

Analyzed

Source-security@golang.org

Published At-06 Mar, 2026 | 22:16

Updated At-21 Apr, 2026 | 14:39

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

>>go>>1.26.0

cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	nvd@nist.gov

CWE ID: CWE-295

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://go.dev/cl/752183	security@golang.org	Mailing List
https://go.dev/issue/77953	security@golang.org	Issue Tracking
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk	security@golang.org	Release Notes
https://pkg.go.dev/vuln/GO-2026-4600	security@golang.org	Vendor Advisory

Hyperlink: https://go.dev/cl/752183

Source: security@golang.org

Resource:

Mailing List

Hyperlink: https://go.dev/issue/77953

Source: security@golang.org

Resource:

Issue Tracking

Hyperlink: https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk

Source: security@golang.org

Resource:

Release Notes

Hyperlink: https://pkg.go.dev/vuln/GO-2026-4600

Source: security@golang.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History