CVE-2026-42508

Severity CVSS v4.0:
Pending analysis
Type:
CWE-295 Improper Certificate Validation
Publication date:
22/05/2026
Last modified:
03/07/2026

Description

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:* 0.52.0 (excluding)