Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
Apache HTTP Server crashes when verifying certain certificates
CVE-2026-27138
BIT-golang-2026-27138
Summary
Apache HTTP Server may crash when verifying some digital certificates. This can happen when a certificate is missing a domain name and another certificate in the chain excludes certain names. To fix the issue, update to a patched version of the Apache HTTP Server.
What to do
- Update stdlib to version 1.26.1.
- Update golang to version 1.26.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | stdlib | > 1.26.0-0 , <= 1.26.1 | 1.26.1 |
| – | golang | > 1.26.0-0 , <= 1.26.1 | 1.26.1 |
Original title
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either ...
Original description
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026