When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1580-1 advisory.

    - Update to go1.26.2 (bsc#1255111).
    - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
    - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
    - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
    - CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
    - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
    - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
    - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock     (bsc#1261659).
    - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
    - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
    - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains     (bsc#1261662).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20571-1 advisory.

    - Update to version go1.26.2 (bsc#1255111).
    - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
    - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
    - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
    - CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
    - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
    - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
    - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock     (bsc#1261659).
    - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
    - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
    - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains     (bsc#1261662).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1320-1 advisory.

    - Update to go1.26.2 (bsc#1255111).
    - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
    - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
    - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
    - CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
    - CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
    - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
    - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock     (bsc#1261659).
    - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
    - CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
    - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains     (bsc#1261662).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Golang running on the remote host is 1.25.x prior to 1.25.9, or 1.26.x prior to 1.26.2. It is, therefore, affected by multiple vulnerabilities, including:

  - Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the     compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.
    (CVE-2026-27143)

  - SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code     execution at build time due to trust layer bypass. (CVE-2026-27140)

  - The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion     prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to     memory corruption at runtime. (CVE-2026-27144)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - When verifying a certificate chain containing excluded DNS constraints, these constraints are not     correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects     validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots     CertPool, or in the system certificate pool. (CVE-2026-33810)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
310239	SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:1580-1)	Nessus	SuSE Local Security Checks	critical
309134	openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20571-1)	Nessus	SuSE Local Security Checks	critical
306493	SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:1320-1)	Nessus	SuSE Local Security Checks	critical
305686	Golang 1.25.x < 1.25.9 / 1.26.x < 1.26.2 Multiple Vulnerabilities	Nessus	Misc.	critical
305653	Linux Distros Unpatched Vulnerability : CVE-2026-33810	Nessus	Misc.	high

Detections

Analytics

CVE-2026-33810

high

Tenable Plugins

critical

critical

critical

critical

high