LiveActive security incident?Get immediate response
CVE Record

CVE-2026-32280: Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

A flaw in Go's certificate handling library lets an attacker exhaust server resources by supplying an unusually large set of intermediate certificates during TLS or X.509 verification. Applications built on Go's crypto/x509 or crypto/tls can slow down or become unavailable. There is no data theft, but the availability impact can disrupt customer-facing services that rely on Go-based infrastructure.

Executive priority

Prioritize as a high-urgency availability risk for Go-based and Red Hat-derived platforms. Not currently exploited in the wild, but network-reachable with no authentication needed. Coordinate patching across application, container, and platform teams within the next standard maintenance window; accelerate for internet-facing TLS/mTLS gateways.

Technical view

Go's crypto/x509 chain builder does not properly bound the work performed when VerifyOptions.Intermediates contains a large certificate pool. The CWE-770 (uncontrolled resource consumption) condition can be triggered network-side, yielding a CVSS 7.5 availability-only denial of service (AV:N/AC:L/PR:N/UI:N/A:H). Both direct crypto/x509 consumers and any crypto/tls path performing chain verification are impacted until Go 1.26.0 fixed toolchains.

Likely exposure

Any Go-compiled service that verifies X.509 chains — TLS servers, mTLS gateways, API brokers, container runtimes, Kubernetes components, and Red Hat OpenShift/RHEL packages — where attacker-controlled intermediate bundles reach the verifier. Red Hat has issued multiple RHSAs, indicating broad downstream reach across enterprise Linux and container platforms.

Exploitation context

No KEV listing and no cited public exploit at the time of writing. The vulnerability is remotely reachable and requires no authentication or user interaction, so weaponization is plausible against services that accept caller-supplied certificate chains. Impact is availability only; confidentiality and integrity are unaffected per the CVSS vector.

Researcher notes

Root cause is unbounded work in chain building when VerifyOptions.Intermediates is oversized (CWE-770). Fixed via upstream commit go.dev/cl/758320 and tracked as GO-2026-4947. Because the sink is in crypto/x509, any caller of crypto/tls Server/Client verification inherits exposure. Focus review on endpoints that accept client-presented chains, SPIFFE/mTLS meshes, and code that constructs large intermediate pools dynamically.

Mitigation direction

  • Upgrade Go toolchain and rebuild affected binaries to a fixed release (Go 1.26.0 or later per upstream).
  • Apply the relevant Red Hat RHSA errata to RHEL, OpenShift, and other Go-based platform packages.
  • Inventory internal Go services and container images that perform TLS or X.509 verification.
  • Where patching is delayed, place rate limiting or connection caps in front of exposed TLS endpoints.
  • Track vendor advisories for third-party Go-based products pending fixed releases.

Validation and detection

  • Query `go version` on build hosts and running binaries to confirm a fixed Go toolchain.
  • Use govulncheck against source and binaries to detect GO-2026-4947 exposure.
  • Cross-check installed RPMs against listed RHSA IDs (e.g., RHSA-2026:24762, 24761, 28886).
  • Verify container base images have been rebuilt on patched Go and redeployed.
  • Monitor TLS handshake latency and CPU metrics for anomalous spikes indicating attempted abuse.
Prepared
Confidence
high
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-770: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2026-32280 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
5Timeline events
2ADP providers
45Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: partial

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H3.93.6CISA-ADP
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H3.93.6redhat-SADP

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2026-32280Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. ADP timelineredhat-SADP

    Made public.

  3. CVE publishedCVE Program

    The CVE record was published.

  4. ADP timelineredhat-SADP

    Reported to Red Hat.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
redhat-SADPcrypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
other:Red Hat severity ratingcvssV3_1
  • 2026-04-08T02:01:19.572Z: Reported to Red Hat.
  • 2026-04-08T01:06:58.595Z: Made public.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Go standard librarycrypto/x509crypto/x509, 0, 1.26.0-0unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.