CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
golang-1.15
bullseye
vulnerable
golang-1.19
bookworm
vulnerable
golang-1.24
trixie
vulnerable
golang-1.25
forky
vulnerable
sid
1.25.12-1
fixed
golang-1.26
forky
vulnerable
sid
1.26.5-1
fixed
golang-1.27
forky
vulnerable
sid
1.27~rc2-1
fixed