Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Crypto/X509: Excessive Work in Certificate Chain Verification
GO-2026-4947
CVE-2026-32280
Summary
When verifying a chain of digital certificates, a large number of intermediate certificates can cause the system to become unresponsive or even crash. This issue affects users of the crypto/x509 and crypto/tls packages, potentially disrupting secure connections and transactions. To mitigate this, limit the number of intermediate certificates or update to the latest version of the affected package.
What to do
- Update stdlib to version 1.26.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | stdlib | > 1.26.0-0 , <= 1.26.2 | 1.26.2 |
Original title
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denia...
Original description
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026