CVE-2026-42508

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

22/05/2026

Last modified:

22/05/2026

Description

Previously, a revoked &#39;SignatureKey&#39; belonging to a CA was not correctly checked for revocation. Now, both the &#39;key&#39; and &#39;key.SignatureKey&#39; are checked for @revoked.

Impact

References to Advisories, Solutions, and Tools

https://go.dev/cl/781220
https://go.dev/issue/79568
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
https://pkg.go.dev/vuln/GO-2026-5021