CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-27138

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.9%

CVSS Severity

CVSS v3 Score 5.9

References

https://go.dev/cl/752183
https://go.dev/issue/77953
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4600

Products affected by CVE-2026-27138

Golang » Go » Version: 1.26.0

cpe:2.3:a:golang:go:1.26.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27138

Products

Pricing

Contact Us