Large Certificate Chains Cause Slow Certificate Validation in Some Software

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Large Certificate Chains Cause Slow Certificate Validation in Some Software

GO-2026-4946 CVE-2026-32281

Summary

Certain software that checks digital certificates for trust may take a long time to validate certificates that have many policy mappings. This can cause the software to become unresponsive or slow. If you're using this software, check your certificate validation processes to ensure they're not being slowed down by large certificate chains.

What to do

Update stdlib to version 1.26.2.

Affected software

Vendor	Product	Affected versions	Fix available
–	stdlib	> 1.26.0-0 , <= 1.26.2	1.26.2

Original title

Original description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

https://go.dev/cl/758061 Patch
https://go.dev/issue/78281 Third Party Advisory
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU URL
https://pkg.go.dev/vuln/GO-2026-4946

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026