CVE-2026-27137

{"id": "CVE-2026-27137", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-06T22:16:00.850", "references": [{"url": "https://go.dev/cl/752182", "tags": ["Mailing List"], "source": "security@golang.org"}, {"url": "https://go.dev/issue/77952", "tags": ["Issue Tracking"], "source": "security@golang.org"}, {"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "tags": ["Release Notes"], "source": "security@golang.org"}, {"url": "https://pkg.go.dev/vuln/GO-2026-4599", "tags": ["Vendor Advisory"], "source": "security@golang.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."}, {"lang": "es", "value": "Al verificar una cadena de certificados que contiene un certificado con m\u00faltiples restricciones de direcci\u00f3n de correo electr\u00f3nico que comparten porciones locales comunes pero porciones de dominio diferentes, estas restricciones no se aplicar\u00e1n correctamente, y solo la \u00faltima restricci\u00f3n ser\u00e1 considerada."}], "lastModified": "2026-04-21T14:40:31.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A40FE3CB-0D03-462B-8A19-4DF1920ABE82"}], "operator": "OR"}]}], "sourceIdentifier": "security@golang.org"}