Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
TLS 1.3 Key Update Records Can Cause Persistent Connections
GO-2026-4870
CVE-2026-32283
Summary
A vulnerability in TLS 1.3 can cause connections to become stuck, wasting server resources. This happens when a server or client sends multiple key update messages in one go, freezing the connection. To protect your business, update your TLS 1.3 software to the latest version.
What to do
- Update stdlib to version 1.26.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | stdlib | > 1.26.0-0 , <= 1.26.2 | 1.26.2 |
Original title
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to ...
Original description
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026