Description

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

INFO

Published Date :

2026-04-08T01:06:58.595Z

Last Modified :

2026-04-08T17:46:47.347Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32280 vulnerability.

Vendors Products
Go Standard Library
  • Crypto/x509
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32280.

URL Resource
https://go.dev/cl/758320 cve-icon cve-icon
https://go.dev/issue/78282 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2026-4947 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact