—

CVE-2026-32281EXPLOITEDPATCHED

go standard library · crypto/x509

Inefficient policy validation in crypto/x509

Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Affected Products

Vendor	Product	Versions
go standard library	crypto/x509	0, 1.26.0-0, 1.25.8, 1.26.1

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-32281 | crypto-x509 up to 1.25.8/1.26.1 on Go Certificate algorithmic complexity

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.25.91.26.2

PublishedApr 8, 2026

Last enriched5h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-33810EXP

Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

Trending: 49

HIGHCVE-2026-32289EXP

JsBraceDepth Context Tracking Bugs (XSS) in html/template

Trending: 46

HIGHCVE-2026-32288EXP

Unbounded allocation for old GNU sparse in archive/tar

Trending: 46

HIGHCVE-2026-32283EXP

Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Trending: 46

CRITICALCVE-2026-32282

TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

Trending: 30

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Actively Exploited

Apr 8, 2026

Patch Available

Apr 8, 2026

Updated: affectedVersions, severity, activelyExploited, tags

Apr 8, 2026

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated affected versions to include 1.25.8 and 1.26.1, changed severity to HIGH, marked as actively exploited, and noted that no exploit is available.

affectedVersionsseverityactivelyExploitedtags

via VulDB

v18h ago

Initial creation