VDB

CISA-2026-27137

CISA-2026-27137 PUBLISHED CVSS 7.5 HIGH

Reported by Go · Published March 6, 2026

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Go standard librarycrypto/x5091.26.0-0
Go standard librarycrypto/x5091.26.0-0, 1.26.0-0

Timeline

  • Mar 6, 2026 CVE Published
  • Mar 10, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›