Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
SSL Certificate Verification Can Crash Certain Programs
DEBIAN-CVE-2026-27138
Summary
Certain SSL certificates can cause programs to crash if they're part of a chain with excluded name constraints and an empty DNS name. This affects programs that verify X.509 certificates or use TLS connections. To stay safe, update your certificate verification libraries and be cautious when importing new certificates.
What to do
- Update debian golang-1.26 to version 1.26.1-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | golang-1.26 | <= 1.26.1-1 | 1.26.1-1 |
Original title
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either ...
Original description
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
- https://security-tracker.debian.org/tracker/CVE-2026-27138 Vendor Advisory
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026