VDB
CISA-2026-27137
CISA-2026-27137
PUBLISHED
CVSS 7.5 HIGH
Reported by Go · Published March 6, 2026
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Go standard library | crypto/x509 | 1.26.0-0 |
| Go standard library | crypto/x509 | 1.26.0-0, 1.26.0-0 |
Timeline
- Mar 6, 2026 CVE Published
- Mar 10, 2026 CVE Updated