Go crypto/x509 Intermediates DoS (<=1.26.2)
CVE-2026-32280 Published on April 8, 2026
Unexpected work during chain building in crypto/x509
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Products Associated with CVE-2026-32280
Want to know whenever a new CVE is published for GoLang Go? stack.watch will email you.
Affected Versions
Go standard library crypto/x509:- Before 1.25.9 is affected.
- Version 1.26.0-0 and below 1.26.2 is affected.