CVE-2026-32280
Denial of Service via Certificate Chain Processing in Go crypto/x
Publication date: 2026-04-08
Last updated on: 2026-04-16
Assigner: Go Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golang | go | to 1.25.9 (exc) |
| golang | go | From 1.26.0 (inc) to 1.26.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32280 is a vulnerability in the Go standard library's crypto/x509 package that occurs during certificate chain building. When a large number of intermediate certificates are provided via the VerifyOptions.Intermediates field, the amount of computational work performed is not properly limited. This causes excessive CPU usage because the chain-building function explores many candidate parent certificates recursively, especially when many intermediates differ slightly and are treated as distinct. This leads to a denial of service (DoS) condition.
The vulnerability affects both direct users of the crypto/x509 package and users of the crypto/tls package that rely on it. The issue arises because the chain-building process continues costly checks even after the signature-attempt limit is reached, causing high CPU consumption before verification fails.
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service (DoS) by causing excessive CPU usage during certificate chain verification. Specifically, when many intermediate certificates are provided, the verification process can become extremely slow and consume significant CPU resources before failing.
In practical terms, this can slow down or disrupt applications that perform certificate verification using the affected Go packages, especially servers configured to verify client certificates in TLS contexts or any application processing attacker-controlled certificate data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as excessive CPU usage and significant delays during certificate chain verification in Go applications using the crypto/x509 package. Detection involves monitoring for unusually high CPU consumption or slow response times when verifying certificates, especially when many intermediate certificates are involved.
Specifically, the vulnerable function is Certificate.Verify, which can take hundreds of milliseconds and eventually fail with the error: "x509: signature check attempts limit reached while verifying certificate chain."
To detect this on your system, you can monitor CPU usage of Go applications that perform certificate verification. Additionally, you can enable verbose logging or error monitoring in your Go application to catch the specific error message during certificate verification.
There are no explicit commands provided in the resources, but general approaches include:
- Use system monitoring tools like top, htop, or pidstat to observe CPU spikes in Go processes.
- Check application logs for the error message: "x509: signature check attempts limit reached while verifying certificate chain."
- If you have access to the Go source or can modify the application, add instrumentation or logging around calls to Certificate.Verify to measure execution time and detect delays.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade the Go runtime to a fixed version that addresses this vulnerability. The affected versions include all releases before go1.25.9 and from go1.26.0-0 up to but not including go1.26.2.
Upgrading to Go version 1.26.2 or later, or to 1.25.9 or later, will resolve the issue as the fix is targeted for Go 1.27 and some backports.
In the meantime, if upgrading is not immediately possible, consider limiting the number of intermediate certificates processed or restricting client certificate verification in TLS configurations to reduce exposure.
Specifically, within TLS servers, avoid enabling client certificate verification modes like VerifyClientCertIfGiven or RequireAndVerifyClientCert unless necessary, as these increase the attack surface.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.