CVE-2026-42505
Received Received - Intake

Encrypted Client Hello Identity Disclosure in Go

Vulnerability report for CVE-2026-42505, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: Go Project

Description

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
golang go to 1.25.12 (exc)
golang go From 1.26.0-0 (inc) to 1.26.5 (exc)
golang go From 1.27.0-0 (inc) to 1.27.0-rc.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows a passive network observer to de-anonymize TLS handshakes using Encrypted Client Hello by revealing pre-shared key identities in the unencrypted client hello message.

This leakage of information could potentially expose sensitive data about server hostnames and communication patterns, which may impact privacy protections required under regulations like GDPR or HIPAA.

However, the provided context and resources do not explicitly discuss or analyze the direct impact of this vulnerability on compliance with specific standards or regulations.

Executive Summary

This vulnerability, identified as CVE-2026-42505, exists in the Go programming language's crypto/tls package. It involves the Encrypted Client Hello (ECH) feature used in TLS handshakes. Normally, ECH is designed to protect the privacy of the server's hostname during the handshake by encrypting the client hello message. However, due to this vulnerability, pre-shared key (PSK) identities are leaked in the unencrypted part of the client hello message.

As a result, a passive network observer can de-anonymize the server's hostname by collecting these handshakes, even when ECH is enabled. This undermines the privacy guarantees that ECH is supposed to provide.

Impact Analysis

The impact of this vulnerability is that an attacker who is passively observing network traffic can identify the server's hostname during TLS handshakes that use Encrypted Client Hello (ECH). This means that the intended privacy protection of hiding the server's hostname is compromised.

This could lead to privacy breaches where sensitive information about which servers or services a client is connecting to is exposed, potentially enabling targeted surveillance or profiling.

Detection Guidance

This vulnerability involves the leakage of pre-shared key (PSK) identities in the unencrypted client hello during TLS handshakes using Encrypted Client Hello (ECH). Detection would require monitoring TLS handshake traffic to identify the presence of PSK identities in the client hello messages.

Since the vulnerability is about passive network observation, one could use network packet capture tools such as tcpdump or Wireshark to capture TLS handshake packets and analyze the client hello messages for PSK identities.

  • Use tcpdump to capture TLS handshake packets: tcpdump -i <interface> -w capture.pcap 'tcp port 443'
  • Open the capture in Wireshark and filter for Client Hello messages: tls.handshake.type == 1
  • Inspect the Client Hello messages for unencrypted PSK identities that should not be present when ECH is properly implemented.

Note that no specific commands or detection tools are explicitly provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update the Go programming language's crypto/tls package to a version where the vulnerability is fixed.

Specifically, upgrade to a Go version that includes the fix which omits the pre-shared key (PSK) in the ECH outer client hello to prevent information leakage.

Affected versions include those before go1.25.12, from go1.26.0-0 before go1.26.5, and from go1.27.0-0 before go1.27.0-rc.2. Upgrading beyond these versions will mitigate the issue.

Until the fix is applied, consider disabling Encrypted Client Hello (ECH) if possible to avoid leaking PSK identities.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42505. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart