CVE Vulnerabilities

CVE-2026-27138

Improper Certificate Validation

Published: Mar 06, 2026 | Modified: Apr 21, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
3.7 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
GoGolang1.26.0 (including)1.26.0 (including)
Red Hat Hardened ImagesRedHatgolang1-26-main-1.26.2-1.hum1*
Golang-1.26Ubuntuupstream*

Potential Mitigations

References