Go crypto/x509 Intermediates DoS (<=1.26.2)
CVE-2026-32280 Published on April 8, 2026

Unexpected work during chain building in crypto/x509
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

NVD

Vulnerability Analysis

CVE-2026-32280 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.


Products Associated with CVE-2026-32280

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-32280 are published in these products:

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Affected Versions

Go standard library crypto/x509: Red Hat Ansible Automation Platform 2.6 for RHEL 10: Red Hat Enterprise Linux Server (v. 7 ELS): Red Hat Ansible Automation Platform 2.5 for RHEL 8: Red Hat OpenShift Container Platform 4.14: Red Hat OpenShift Container Platform 4.15: Red Hat OpenShift Container Platform 4.18: Red Hat Satellite 6.16 for RHEL 8: Red Hat Ansible Automation Platform 2.5 for RHEL 9: Red Hat Ansible Automation Platform 2.6 for RHEL 9: Red Hat Cryostat 4 on RHEL 9: Red Hat OpenStack Platform 17.1: Red Hat OpenShift Container Platform 4.19: Red Hat Satellite 6.16 for RHEL 9: Red Hat Satellite 6.19 for RHEL 9: Red Hat Enterprise Linux AppStream EUS (v. 10.0): Red Hat Enterprise Linux AppStream (v. 10): Red Hat Enterprise Linux AppStream (v. 8): Red Hat Enterprise Linux AppStream AUS (v.8.6): Red Hat Enterprise Linux AppStream E4S (v.8.6): Red Hat Enterprise Linux AppStream TUS (v.8.6): Red Hat Enterprise Linux AppStream E4S (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0): Red Hat Enterprise Linux CodeReady Linux Builder (v. 10): Red Hat CodeReady Linux Builder EUS (v.9.6): Red Hat Enterprise Linux CodeReady Linux Builder (v. 9): Red Hat Custom Metric Autoscaler 2.19: Red Hat HawtIO HawtIO 4.4.0: Logging Subsystem for Red Hat OpenShift 6.0: Logging Subsystem for Red Hat OpenShift 6.4: Red Hat Multicluster Global Hub 1.4.5: Red Hat Multicluster Global Hub 1.5.4: Red Hat Multicluster Global Hub 1.6.2: Red Hat Network Observability (NETOBSERV) 1.11.2: Red Hat OpenShift API for Data Protection 1.4: Red Hat OpenShift API for Data Protection 1.5: Red Hat OpenShift Compliance Operator 1: Red Hat Advanced Cluster Management for Kubernetes 2.14: Red Hat Advanced Cluster Security for Kubernetes 4.10: Red Hat Advanced Cluster Security for Kubernetes 4.9: Red Hat Ansible Automation Platform 2.6: Red Hat Developer Hub 1.8: Red Hat Developer Hub 1.9: Red Hat Lightspeed (formerly Insights) for Runtimes 1: Red Hat OpenShift AI 2.25: Red Hat OpenShift Builds 1.7.4: Red Hat OpenShift Dev Spaces 3.28: Red Hat OpenShift Service Mesh 2.6: Red Hat OpenShift Service Mesh 3.0: Red Hat OpenShift Service Mesh 3.1: Red Hat OpenShift Service Mesh 3.2: Red Hat OpenShift Service Mesh 3.3: Red Hat OpenShift distributed tracing 3.9.3: Red Hat OpenStack 1.5: Red Hat Quay 3.10: Red Hat Quay 3.14: Red Hat Quay 3.15: Red Hat Quay 3.16: Red Hat Quay 3.17: Red Hat Quay 3.9: Red Hat Trusted Artifact Signer 1.3: Red Hat Web Terminal 1.11: Red Hat Web Terminal 1.12: Red Hat Web Terminal 1.13: Red Hat Web Terminal 1.14: Red Hat Web Terminal 1.15: mirror registry for Red Hat OpenShift 2.0: Red Hat multicluster engine for Kubernetes 2.10: Red Hat multicluster engine for Kubernetes 2.11: Red Hat multicluster engine for Kubernetes 2.17: Red Hat multicluster engine for Kubernetes 2.6: Red Hat multicluster engine for Kubernetes 2.8: Assisted Installer for Red Hat OpenShift Container Platform 2: cert-manager Operator for Red Hat OpenShift: Red Hat Confidential Compute Attestation: Red Hat Deployment Validation Operator: External Secrets Operator for Red Hat OpenShift: Red Hat ExternalDNS Operator: Red Hat Fence Agents Remediation Operator: Red Hat File Integrity Operator: Red Hat Gatekeeper 3: Logging Subsystem for Red Hat OpenShift: Red Hat Logical Volume Manager Storage: Red Hat Migration Toolkit for Containers: mirror registry for Red Hat OpenShift: Red Hat Multicluster Engine for Kubernetes: Red Hat Node HealthCheck Operator: Red Hat OpenShift Developer Tools and Services: Red Hat OpenShift Lightspeed: Red Hat OpenShift Pipelines: Red Hat OpenShift Serverless: Red Hat 3scale API Management Platform 2: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat AI Inference Server: Red Hat Certification Program for Red Hat Enterprise Linux 9: Red Hat Connectivity Link 1: Red Hat Edge Manager 1: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat OpenShift AI (RHOAI): Red Hat OpenShift Cluster Manager CLI: Red Hat OpenShift Container Platform 4: Red Hat Openshift Data Foundation 4: Red Hat OpenShift Dev Workspaces Operator: Red Hat OpenShift GitOps: Red Hat OpenShift on AWS: Red Hat OpenShift Virtualization 4: Red Hat OpenStack Platform 16.2: Red Hat OpenStack Platform 18.0: Red Hat Satellite 6: Red Hat Security Profiles Operator: Red Hat Zero Trust Workload Identity Manager: Red Hat Zero Trust Workload Identity Manager - Tech Preview: Red Hat Machine Deletion Remediation Operator: Red Hat Migration Toolkit for Applications 8: Red Hat OpenShift Service Mesh 2: Red Hat OpenShift Service Mesh 3: Power monitoring for Red Hat OpenShift: Red Hat Ansible Automation Platform 2: Red Hat Hardened Images: Red Hat OpenShift for Windows Containers: Red Hat Quay 3: Red Hat Service Interconnect 1: Red Hat Service Interconnect 2: Red Hat streams for Apache Kafka 3:

Exploit Probability

EPSS
0.37%
Percentile
28.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.