CVE-2026-27137 (GCVE-0-2026-27137)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-06-30 12:06
VLAI
Title
Incorrect enforcement of email constraints in crypto/x509
Summary
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
51 references
Impacted products
96 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
1.26.0-0 , < 1.26.1
(semver)
|
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | DevWorkspace Operator 0.4 |
cpe:/a:redhat:devworkspace:0.40::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.2 |
cpe:/a:redhat:logging:6.2::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.3.4 |
cpe:/a:redhat:multicluster_globalhub:1.3::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.15 |
cpe:/a:redhat:acm:2.15::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.6.5 |
cpe:/a:redhat:openshift_builds:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.27 |
cpe:/a:redhat:openshift_devspaces:3.27::el9 |
|
| Red Hat | Red Hat OpenShift GitOps 1.18 |
cpe:/a:redhat:openshift_gitops:1.18::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.19 |
cpe:/a:redhat:openshift_gitops:1.19::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.2 |
cpe:/a:redhat:openshift_gitops:1.20::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Satellite 6.18 |
cpe:/a:redhat:satellite:6.18::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 |
cpe:/a:redhat:apache_camel_hawtio:4 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Developer Hub |
cpe:/a:redhat:rhdh:1 |
|
| Red Hat | Red Hat Edge Manager 1 |
cpe:/a:redhat:edge_manager:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Compliance Operator |
cpe:/a:redhat:openshift_compliance_operator:1 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Custom Metric Autoscaler operator for Red Hat Openshift |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2 |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2 |
cpe:/a:redhat:mirror_registry:2 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Network Observability Operator |
cpe:/a:redhat:network_observ_optr:1 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat Advanced Cluster Security 4 |
cpe:/a:redhat:advanced_cluster_security:4 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | Service Telemetry Framework 1.5 |
cpe:/a:redhat:stf:1.5 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:32:09.097820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:32:53.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace:0.40::el9"
],
"defaultStatus": "affected",
"product": "DevWorkspace Operator 0.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.2::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.3::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.6.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.18::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "unaffected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1"
],
"defaultStatus": "unaffected",
"product": "Compliance Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
],
"defaultStatus": "unaffected",
"product": "Custom Metric Autoscaler operator for Red Hat Openshift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "unaffected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "unaffected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "unaffected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2"
],
"defaultStatus": "unaffected",
"product": "mirror registry for Red Hat OpenShift 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "unaffected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5"
],
"defaultStatus": "unaffected",
"product": "Service Telemetry Framework 1.5",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-06T21:28:13.748Z",
"descriptions": [
{
"lang": "en",
"value": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:31.193Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"name": "RHBZ#2445345",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10929"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8842"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10169"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19022"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19049"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19132"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28038"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19181"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9872"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9052"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5549"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9697"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9698"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:10929: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8842: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:10169: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19022: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19049: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19181: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:9872: DevWorkspace Operator 0.4"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:11800: Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"lang": "en",
"value": "RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:5110: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:7291: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:9052: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:5549: Red Hat OpenShift Builds 1.6.5"
},
{
"lang": "en",
"value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:9697: Red Hat OpenShift GitOps 1.18"
},
{
"lang": "en",
"value": "RHSA-2026:9698: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:9699: Red Hat OpenShift GitOps 1.2"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:14879: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:10250: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:10225: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:8337: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:8167: Red Hat Web Terminal 1.15"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T22:01:38.859Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-06T21:28:13.748Z",
"value": "Made public."
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "newEmailConstraints"
},
{
"name": "emailConstraints.query"
},
{
"name": "checkConstraints"
},
{
"name": "checkChainConstraints"
},
{
"name": "parseMailboxes"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-08T05:56:20.771Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/752182"
},
{
"url": "https://go.dev/issue/77952"
},
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"title": "Incorrect enforcement of email constraints in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-27137",
"datePublished": "2026-03-06T21:28:13.748Z",
"dateReserved": "2026-02-17T19:57:28.434Z",
"dateUpdated": "2026-06-30T12:06:31.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27137",
"date": "2026-06-29",
"epss": "0.00358",
"percentile": "0.27684"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27137\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-03-06T22:16:00.850\",\"lastModified\":\"2026-06-30T03:17:53.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.\"},{\"lang\":\"es\",\"value\":\"Al verificar una cadena de certificados que contiene un certificado con m\u00faltiples restricciones de direcci\u00f3n de correo electr\u00f3nico que comparten porciones locales comunes pero porciones de dominio diferentes, estas restricciones no se aplicar\u00e1n correctamente, y solo la \u00faltima restricci\u00f3n ser\u00e1 considerada.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"newEmailConstraints\"},{\"name\":\"emailConstraints.query\"},{\"name\":\"checkConstraints\"},{\"name\":\"checkChainConstraints\"},{\"name\":\"parseMailboxes\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\",\"cpe:/a:redhat:openstack:17.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"DevWorkspace Operator 0.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace:0.40::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.3.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed (formerly Insights) for Runtimes 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.6.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.27\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.18::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.19::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"ExternalDNS Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ext_dns_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel - HawtIO 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Compliance Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler operator for Red Hat Openshift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Service Telemetry Framework 1.5\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-10T13:32:09.097820Z\",\"id\":\"CVE-2026-27137\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A40FE3CB-0D03-462B-8A19-4DF1920ABE82\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/752182\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://go.dev/issue/77952\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4599\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10125\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10158\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10169\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10175\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10184\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10225\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10250\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10929\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11800\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13545\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14879\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19022\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19049\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19132\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19181\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21769\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22347\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22423\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22862\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22937\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23228\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28038\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28047\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5110\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5549\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7291\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8151\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8167\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8842\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9052\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9697\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9698\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9699\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9872\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-27137\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2445345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27137\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T13:32:09.097820Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T13:32:37.164Z\"}}], \"cna\": {\"title\": \"Incorrect enforcement of email constraints in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.1\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"newEmailConstraints\"}, {\"name\": \"emailConstraints.query\"}, {\"name\": \"checkConstraints\"}, {\"name\": \"checkChainConstraints\"}, {\"name\": \"parseMailboxes\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/752182\"}, {\"url\": \"https://go.dev/issue/77952\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4599\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-03-08T05:56:20.771Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27137\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T13:32:53.202Z\", \"dateReserved\": \"2026-02-17T19:57:28.434Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-03-06T21:28:13.748Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…