CVE-2026-32281

Summary

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Affected Software

VendorProductVersion RangeStatus
Go standard librarycrypto/x5090 < 1.25.9affected
Go standard librarycrypto/x5091.26.0-0 < 1.26.2affected

Weaknesses

  • CWE-407: Inefficient Algorithmic Complexity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References