CVE-2025-61730

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

28/01/2026

Last modified:

28/01/2026

Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Impact

References to Advisories, Solutions, and Tools

https://go.dev/cl/724120
https://go.dev/issue/76443
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
https://pkg.go.dev/vuln/GO-2026-4340