CVE Catalog

CVE-2026-27145

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.94%

57th percentile - higher than 57% of all known CVEs

Summary

A vulnerability in the Go x509 library causes quadratic verification cost when validating hostnames against certificates with many DNS SAN entries. The VerifyHostname function repeatedly calls strings.Split on the same hostname, leading to overhead.

Risk Assessment

An attacker can supply a malicious certificate with numerous SAN entries, causing significant slowdown or denial of service (DoS) during verification, even before the certificate chain is built.

Recommendation

Update the Go library to a version containing the fix that optimizes hostname verification. If an update is not possible, restrict acceptance of certificates with a large number of SAN entries.

Original NVD description (English source)

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS