Zurück zur CVE-Übersicht
CVE-2026-27137
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Signal Score19/100 — NIEDRIG
- CVSS 7.5 — Hoch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
Referenzen
- https://go.dev/cl/752182
- https://go.dev/issue/77952
- https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
- https://pkg.go.dev/vuln/GO-2026-4599
- https://access.redhat.com/errata/RHSA-2026:10125
- https://access.redhat.com/errata/RHSA-2026:10158
- https://access.redhat.com/errata/RHSA-2026:10169
- https://access.redhat.com/errata/RHSA-2026:10175
- https://access.redhat.com/errata/RHSA-2026:10184
- https://access.redhat.com/errata/RHSA-2026:10225