CVE-2026-42505

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
13/07/2026

Description

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 1.25.12 (excluding)
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 1.26.0 (including) 1.26.5 (excluding)
cpe:2.3:a:golang:go:1.27:rc1:*:*:*:*:*:*