Vulnerability DatabaseCVE-2026-27138
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-27138
March 06, 2026
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Affected Packages
https://github.com/golang/go.git (GITHUB):
Affected version(s) =go1.26.0 <go1.26.1
Fix Suggestion:
Update to version go1.26.1
github.com/golang/go (GO):
Affected version(s) =go1.26.0 <go1.26.1
Fix Suggestion:
Update to version go1.26.1
Related ResourcesĀ (4)
https://go.dev/issue/77953
https://go.dev/cl/752183
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4600
Do you need more information?
Contact Us
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
EPSS
Base Score:
0.02