VDB

RHSA-2026%3A1042

RHSA-2026%3A1042 PUBLISHED CVSS 6.5 MEDIUM

A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x as a component of cert-manager operator for Red Hat OpenShift 1.18*, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le, *, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64, *, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64
Red Hatcert-manager Operator for Red Hat OpenShift
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x as a component of cert-manager operator for Red Hat OpenShift 1.18*, *, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.18*, *, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x, *, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x as a component of cert-manager operator for Red Hat OpenShift 1.18*, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.18*, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64, *, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c8c319818479dfb5856d50ccebe1c6aaad008aff2b1ac5c317763a697884b2c2_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.18*, *, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le
golangGo
golangGo standard library
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le, registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c8c319818479dfb5856d50ccebe1c6aaad008aff2b1ac5c317763a697884b2c2_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c8c319818479dfb5856d50ccebe1c6aaad008aff2b1ac5c317763a697884b2c2_amd64, *, *
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.18registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64, registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64

Timeline

  • Jan 22, 2026 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jul 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›