CVE-2026-33810

EUVD-2026-20024
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
golanggo
1.26.0 ≤
𝑥
< 1.26.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
1.15.15-1~deb11u4
fixed
golang-1.19
bookworm
1.19.8-2
fixed
golang-1.24
trixie
1.24.4-1
fixed
golang-1.25
forky
1.25.10-1
fixed
sid
1.25.10-2
fixed
golang-1.26
forky
1.26.3-1
fixed
sid
1.26.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
jammy
dne
noble
dne
questing
dne
resolute
dne
golang-1.6
jammy
dne
noble
dne
questing
dne
resolute
dne
xenial
needs-triage
golang-1.8
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
golang-1.9
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
golang-1.10
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
trusty
needs-triage
xenial
needs-triage
golang-1.13
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
xenial
ignored
golang-1.14
focal
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
golang-1.16
bionic
needs-triage
focal
needs-triage
jammy
dne
noble
dne
questing
dne
resolute
dne
golang-1.17
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
golang-1.18
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
xenial
ignored
golang-1.20
focal
needs-triage
jammy
needs-triage
noble
dne
questing
dne
resolute
dne
golang-1.21
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
dne
resolute
dne
golang-1.22
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
dne
resolute
dne
golang-1.23
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
golang-1.24
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
golang-1.25
jammy
dne
noble
dne
questing
needs-triage
resolute
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
opentelemetry-collector
RHEL 9
0:0.144.0-2.el9_8
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://go.dev/cl/763763
https://go.dev/issue/78332
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
https://pkg.go.dev/vuln/GO-2026-4866
http://www.openwall.com/lists/oss-security/2026/04/19/4
http://www.openwall.com/lists/oss-security/2026/04/20/1