CVE Vulnerabilities

CVE-2026-27137

Improper Certificate Validation

Published: Mar 06, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
GoGolang1.26.0 (including)1.26.0 (including)
Red Hat Enterprise Linux 10RedHatrhc-worker-playbook-0:0.2.3-4.el10_1*
Red Hat Enterprise Linux 10RedHatdelve-0:1.25.2-3.el10_1*
Red Hat Enterprise Linux 10RedHatgolang-0:1.26.2-2.el10_2*
Red Hat Enterprise Linux 10RedHatgolang-github-openprinting-ipp-usb-0:0.9.27-6.el10_2*
Red Hat Enterprise Linux 10RedHatrhc-worker-playbook-0:0.2.7-3.el10_2*
Red Hat Enterprise Linux 10RedHatosbuild-composer-0:165.1-2.el10_2*
Red Hat Enterprise Linux 10RedHatimage-builder-0:52.1-1.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatrhc-worker-playbook-0:0.2.3-4.el10_0*
Red Hat Enterprise Linux 9RedHatgolang-0:1.26.2-1.el9_8*
Red Hat Enterprise Linux 9RedHatosbuild-composer-0:165.1-2.el9_8*
Red Hat Enterprise Linux 9RedHatimage-builder-0:52.1-1.el9_8*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatgvisor-tap-vsock-6:0.8.5-2.el9_6.2*
Red Hat OpenStack Platform 17.1 for RHEL 9RedHatetcd-0:3.4.26-9.5.el9ost*
DevWorkspace Operator 0.4RedHatdevworkspace/devworkspace-rhel9-operator:1776457293*
Logging Subsystem for Red Hat OpenShift 6.0RedHatopenshift-logging/eventrouter-rhel9:1781192891*
Logging Subsystem for Red Hat OpenShift 6.2RedHatopenshift-logging/eventrouter-rhel9:1776800087*
Logging Subsystem for Red Hat OpenShift 6.4RedHatopenshift-logging/eventrouter-rhel9:1780051640*
Multicluster Global Hub 1.3.4RedHatmulticluster-globalhub/multicluster-globalhub-agent-rhel9:1779210675*
Multicluster Global Hub 1.4.5RedHatmulticluster-globalhub/multicluster-globalhub-agent-rhel9:1779838819*
Multicluster Global Hub 1.5.4RedHatmulticluster-globalhub/multicluster-globalhub-agent-rhel9:1779828691*
Multicluster Global Hub 1.5.4RedHatmulticluster-globalhub/multicluster-globalhub-agent-rhel9:1773650627*
Multicluster Global Hub 1.6.2RedHatmulticluster-globalhub/multicluster-globalhub-agent-rhel9:1780320809*
OpenShift API for Data Protection 1.4RedHatoadp/oadp-velero-rhel9:1779809598*
OpenShift API for Data Protection 1.5RedHatoadp/oadp-velero-rhel9:1779808027*
Red Hat Advanced Cluster Management for Kubernetes 2.15RedHatrhacm2/subctl-rhel9:1774085848*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/receptor-rhel9:1777391542*
Red Hat Hardened ImagesRedHatgolang1-26-main-1.26.2-1.hum1*
Red Hat Lightspeed (formerly Insights) for Runtimes 1RedHatrh-lightspeed-runtimes/runtimes-inventory-rhel9-operator:1.0.2-1776288486*
Red Hat OpenShift AI 2.25RedHatrhoai/odh-rhel9-operator:1776773362*
Red Hat OpenShift Builds 1.6.5RedHatopenshift-builds/openshift-builds-waiters-rhel9:1774334066*
Red Hat OpenShift Builds 1.7.3RedHatopenshift-builds/openshift-builds-waiters-rhel9:1776846936*
Red Hat OpenShift Builds 1.7.3RedHatopenshift-builds/openshift-builds-waiters-rhel9:1776846936*
Red Hat OpenShift Dev Spaces 3.27RedHatdevspaces/udi-rhel9:1776789889*
Red Hat OpenShift distributed tracing 3.9.3RedHatrhosdt/tempo-rhel9:1776435680*
Red Hat OpenShift GitOps 1.18RedHatopenshift-gitops-1/dex-rhel8:1776755965*
Red Hat OpenShift GitOps 1.19RedHatopenshift-gitops-1/dex-rhel8:1776767162*
Red Hat OpenShift GitOps 1.2RedHatopenshift-gitops-1/dex-rhel9:1776773421*
Red Hat Quay 3.16RedHatquay/quay-rhel9:1779204086*
Red Hat Satellite 6.18RedHatsatellite/iop-vmaas-rhel9:1778082595*
Red Hat Trusted Artifact Signer 1.3RedHatrhtas/client-server-rhel9:1776339099*
Red Hat Web Terminal 1.11RedHatweb-terminal/web-terminal-exec-rhel9:1776966691*
Red Hat Web Terminal 1.12RedHatweb-terminal/web-terminal-exec-rhel9:1776959849*
Red Hat Web Terminal 1.13RedHatweb-terminal/web-terminal-exec-rhel9:1776197785*
Red Hat Web Terminal 1.14RedHatweb-terminal/web-terminal-exec-rhel9:1776199398*
Red Hat Web Terminal 1.15RedHatweb-terminal/web-terminal-exec-rhel9:1775672762*
Golang-1.26Ubuntuupstream*

Potential Mitigations

References