CVE-2026-27137

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

06/03/2026

Last modified:

09/03/2026

Description

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Impact

References to Advisories, Solutions, and Tools

https://go.dev/cl/752182
https://go.dev/issue/77952
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4599