Donate Telegram

CVE-2026-27138

NONE EPSS 0.03%

Mar 06, 2026

Updated Mar 06, 2026

Certificate

Parameter	Value
Vendor	Certificate
Public PoC	No

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

References 4

https://go.dev/cl/752183

security@golang.org

https://go.dev/issue/77953

security@golang.org

https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk

security@golang.org

https://pkg.go.dev/vuln/GO-2026-4600

security@golang.org

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-27138

Published Date

Mar 06, 2026

Vendor

Certificate

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 10.0th percentile (higher than 10.0% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice