CVE-2026-32280

Published: Apr 8, 2026

Modified: Apr 8, 2026

PUBLISHED

Description

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

Vendor	Product	Versions
Go standard library	crypto/x509	affected `0 - < 1.25.9` affected `1.26.0-0 - < 1.26.2`

References

https://go.dev/cl/758320

https://go.dev/issue/78282

https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU

https://pkg.go.dev/vuln/GO-2026-4947

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-32280

Description

Affected Products

References