Go crypto/tls TLS 1.3 KeyUpdate deadlock DoS (1.25.9 & <1.26.2)
CVE-2026-32283 Published on April 8, 2026

Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

NVD

Vulnerability Analysis

CVE-2026-32283 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Multiple Locks of a Critical Resource

The software locks a critical resource more times than intended, leading to an unexpected state in the system. When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.


Products Associated with CVE-2026-32283

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Ansible Automation Platform
 
Red Hat Ansible Automation Platform Developer
 
Red Hat Rhel Els
 
Red Hat Ansible Automation Platform Inside
 
Red Hat Satellite
 
Red Hat Satellite Capsule
 
Red Hat Satellite Maintenance
 
Red Hat Satellite Utils
 
Red Hat Cryostat
 
Red Hat Openstack
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Rhel Aus
 
Red Hat Rhel E4s
 
Red Hat Rhel Tus
 
Red Hat Rhel Eus
 
Red Hat Openshift Custom Metrics Autoscaler
 
Red Hat Multicluster Globalhub
 
Red Hat Openshift Compliance Operator
 
Red Hat Hummingbird
 
Red Hat Lightspeed For Runtimes
 
Red Hat Openshift Distributed Tracing
 
Red Hat Assisted Installer
 
Red Hat Openshift Builds
 
Red Hat Cert Manager
 
Red Hat Confidential Compute Attestation
 
Red Hat Deployment Validator Operator
 
Red Hat External Secrets Operator
 
Red Hat Ext Dns Optr
 
Red Hat Workload Availability Far
 
Red Hat Openshift File Integrity Operator
 
Red Hat Gatekeeper
 
Red Hat Logging
 
Red Hat Lvms
 
Red Hat Workload Availability Mdr
 
Red Hat Migration Toolkit Applications
 
Red Hat Rhmt
 
Red Hat Mirror Registry
 
Red Hat Multicluster Engine
 
Red Hat Network Observ Optr
 
Red Hat Workload Availability Nhc
 
Red Hat Openshift Api Data Protection
 
Red Hat Ocp Tools
 
Red Hat Openshift Lightspeed
 
Red Hat Openshift Pipelines
 
Red Hat Serverless
 
Red Hat Service Mesh
 
Red Hat Openshift Power Monitoring
 
Red Hat 3scale Amp
 
Red Hat Acm
 
Red Hat Advanced Cluster Security
 
Red Hat Amq Broker
 
Red Hat Apache Camel Hawtio
 
Red Hat Service Registry
 
Red Hat Certifications
 
Red Hat Connectivity Link
 
Red Hat Rhdh
 
Red Hat Edge Manager
 
Red Hat Enterprise Linux Ai
 
Red Hat Jboss Enterprise Web Server
 
Red Hat Openshift Ai
 
Red Hat Openshift Cluster Manager Cli
 
Red Hat Openshift
 
Red Hat Openshift Data Foundation
 
Red Hat Openshift Devspaces
 
Red Hat Devworkspace
 
Red Hat Windows Machine Config
 
Red Hat Openshift Gitops
 
Red Hat Openshift Service On Aws
 
Red Hat Container Native Virtualization
 
Red Hat Quay
 
Red Hat Trusted Artifact Signer
 
Red Hat Webterminal
 
Red Hat Openshift Security Profiles Operator
 
Red Hat Stf
 
Red Hat Amq Streams
 
Red Hat Zero Trust Workload Identity Manager
 
Red Hat Service Interconnect
 

Affected Versions

Go standard library crypto/tls: Red Hat Ansible Automation Platform 2.6 for RHEL 10: Red Hat Enterprise Linux Server (v. 7 ELS): Red Hat Ansible Automation Platform 2.5 for RHEL 8: Red Hat Satellite 6.16 for RHEL 8: Red Hat Ansible Automation Platform 2.5 for RHEL 9: Red Hat Ansible Automation Platform 2.6 for RHEL 9: Red Hat Cryostat 4 on RHEL 9: Red Hat OpenStack Platform 17.1: Red Hat Satellite 6.16 for RHEL 9: Red Hat Enterprise Linux AppStream EUS (v. 10.0): Red Hat Enterprise Linux AppStream (v. 10): Red Hat Enterprise Linux AppStream (v. 8): Red Hat Enterprise Linux AppStream AUS (v.8.6): Red Hat Enterprise Linux AppStream E4S (v.8.6): Red Hat Enterprise Linux AppStream TUS (v.8.6): Red Hat Enterprise Linux AppStream E4S (v.9.0): Red Hat Enterprise Linux AppStream EUS (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0): Red Hat Enterprise Linux CodeReady Linux Builder (v. 10): Red Hat CodeReady Linux Builder EUS (v.9.6): Red Hat Enterprise Linux CodeReady Linux Builder (v. 9): Red Hat Custom Metric Autoscaler 2.19: Red Hat Multicluster Global Hub 1.3.4: Red Hat Multicluster Global Hub 1.4.5: Red Hat Multicluster Global Hub 1.5.4: Red Hat Multicluster Global Hub 1.6.2: Red Hat OpenShift Compliance Operator 1: Red Hat Hardened Images: Red Hat Lightspeed (formerly Insights) for Runtimes 1: Red Hat OpenShift distributed tracing 3.9.3: Assisted Installer for Red Hat OpenShift Container Platform 2: Builds for Red Hat OpenShift: cert-manager Operator for Red Hat OpenShift: Red Hat Confidential Compute Attestation: Red Hat Deployment Validation Operator: External Secrets Operator for Red Hat OpenShift: Red Hat ExternalDNS Operator: Red Hat Fence Agents Remediation Operator: Red Hat File Integrity Operator: Red Hat Gatekeeper 3: Logging Subsystem for Red Hat OpenShift: Red Hat Logical Volume Manager Storage: Red Hat Machine Deletion Remediation Operator: Red Hat Migration Toolkit for Applications 8: Red Hat Migration Toolkit for Containers: mirror registry for Red Hat OpenShift: mirror registry for Red Hat OpenShift 2: Red Hat Multicluster Engine for Kubernetes: Red Hat Network Observability Operator: Red Hat Node HealthCheck Operator: Red Hat OpenShift API for Data Protection: Red Hat OpenShift Developer Tools and Services: Red Hat OpenShift Lightspeed: Red Hat OpenShift Pipelines: Red Hat OpenShift Serverless: Red Hat OpenShift Service Mesh 2: Red Hat OpenShift Service Mesh 3: Power monitoring for Red Hat OpenShift: Red Hat 3scale API Management Platform 2: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat Advanced Cluster Security 4: Red Hat AMQ Broker 7: Red Hat Ansible Automation Platform 2: Red Hat build of Apache Camel - HawtIO 4: Red Hat build of Apicurio Registry 2: Red Hat Certification Program for Red Hat Enterprise Linux 9: Red Hat Connectivity Link 1: Red Hat Developer Hub: Red Hat Edge Manager 1: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux AI (RHEL AI) 3: Red Hat JBoss Web Server 6: Red Hat OpenShift AI (RHOAI): Red Hat OpenShift Cluster Manager CLI: Red Hat OpenShift Container Platform 4: Red Hat Openshift Data Foundation 4: Red Hat OpenShift Dev Spaces: Red Hat OpenShift Dev Workspaces Operator: Red Hat OpenShift for Windows Containers: Red Hat OpenShift GitOps: Red Hat OpenShift on AWS: Red Hat OpenShift Virtualization 4: Red Hat OpenStack Platform 16.2: Red Hat OpenStack Platform 18.0: Red Hat Quay 3: Red Hat Satellite 6: Red Hat Trusted Artifact Signer: Red Hat Web Terminal: Red Hat Security Profiles Operator: Red Hat Service Telemetry Framework 1.5: Red Hat streams for Apache Kafka 3: Red Hat Zero Trust Workload Identity Manager: Red Hat Zero Trust Workload Identity Manager - Tech Preview: Red Hat Service Interconnect 1: Red Hat Service Interconnect 2:

Exploit Probability

EPSS
0.45%
Percentile
35.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.