CVE-2026-33810

HIGH EPSS 17.1%
Published Apr 8, 20262mo ago · Modified Jun 17, 20261w ago
8.2 CVSS 3.1
High
Find Similar
Published Apr 8, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-295

Affected Products 1

VendorProductVersionRange
golanggo*≥1.26.0  –  <1.26.2

References 6

  • openwall.com http://www.openwall.com/lists/oss-security/2026/04/19/4
  • openwall.com http://www.openwall.com/lists/oss-security/2026/04/20/1
  • go.dev https://go.dev/cl/763763
    Patch
  • go.dev https://go.dev/issue/78332
    Issue Tracking
  • groups.google.com https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
    Mailing ListRelease Notes
  • pkg.go.dev https://pkg.go.dev/vuln/GO-2026-4866
    Vendor Advisory

Remediation

  • go.dev https://go.dev/cl/763763
    Patch