CVE-2026-27145

high

Description

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27145.json

https://pkg.go.dev/vuln/GO-2026-5037

https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw

https://go.dev/issue/79694

https://go.dev/cl/783621

https://bugzilla.redhat.com/show_bug.cgi?id=2484207

https://access.redhat.com/security/cve/CVE-2026-27145

https://access.redhat.com/errata/RHSA-2026:36797

https://access.redhat.com/errata/RHSA-2026:36648

https://access.redhat.com/errata/RHSA-2026:36317

https://access.redhat.com/errata/RHSA-2026:35832

https://access.redhat.com/errata/RHSA-2026:34359

https://access.redhat.com/errata/RHSA-2026:34357

https://access.redhat.com/errata/RHSA-2026:33574

https://access.redhat.com/errata/RHSA-2026:29981

Details

Source: Mitre, NVD

Published: 2026-06-02

Updated: 2026-07-09

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00004