wid-sec-w-2026-1006 · Published 2026-04-07 · View on BSI CERT-Bund ↗

Golang Go: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

CVEs (10)

CVE-2026-27140 CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 CVE-2026-33810

Affected Vendors

Golang

Affected Products (4)

Golang · Go <1.26.2

Golang · Go 1.26.2

Golang · Go <1.25.9

Golang · Go 1.25.9

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more