CVE-2026-27138

Published: Mar 06, 2026 Last Modified: Mar 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0002
Percentile
0,1th
Updated

EPSS Score Trend (Last 9 Days)

https://go.dev/cl/752183
https://go.dev/cl/752183
https://go.dev/issue/77953
https://go.dev/issue/77953
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4600
https://pkg.go.dev/vuln/GO-2026-4600