CVE-2026-32280: Unexpected work during chain building in crypto/x509
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Security readout for executives and security teams
Plain-English summary
A flaw in Go's certificate handling library lets an attacker exhaust server resources by supplying an unusually large set of intermediate certificates during TLS or X.509 verification. Applications built on Go's crypto/x509 or crypto/tls can slow down or become unavailable. There is no data theft, but the availability impact can disrupt customer-facing services that rely on Go-based infrastructure.
Executive priority
Prioritize as a high-urgency availability risk for Go-based and Red Hat-derived platforms. Not currently exploited in the wild, but network-reachable with no authentication needed. Coordinate patching across application, container, and platform teams within the next standard maintenance window; accelerate for internet-facing TLS/mTLS gateways.
Technical view
Go's crypto/x509 chain builder does not properly bound the work performed when VerifyOptions.Intermediates contains a large certificate pool. The CWE-770 (uncontrolled resource consumption) condition can be triggered network-side, yielding a CVSS 7.5 availability-only denial of service (AV:N/AC:L/PR:N/UI:N/A:H). Both direct crypto/x509 consumers and any crypto/tls path performing chain verification are impacted until Go 1.26.0 fixed toolchains.
Likely exposure
Any Go-compiled service that verifies X.509 chains — TLS servers, mTLS gateways, API brokers, container runtimes, Kubernetes components, and Red Hat OpenShift/RHEL packages — where attacker-controlled intermediate bundles reach the verifier. Red Hat has issued multiple RHSAs, indicating broad downstream reach across enterprise Linux and container platforms.
Exploitation context
No KEV listing and no cited public exploit at the time of writing. The vulnerability is remotely reachable and requires no authentication or user interaction, so weaponization is plausible against services that accept caller-supplied certificate chains. Impact is availability only; confidentiality and integrity are unaffected per the CVSS vector.
Researcher notes
Root cause is unbounded work in chain building when VerifyOptions.Intermediates is oversized (CWE-770). Fixed via upstream commit go.dev/cl/758320 and tracked as GO-2026-4947. Because the sink is in crypto/x509, any caller of crypto/tls Server/Client verification inherits exposure. Focus review on endpoints that accept client-presented chains, SPIFFE/mTLS meshes, and code that constructs large intermediate pools dynamically.
Mitigation direction
Upgrade Go toolchain and rebuild affected binaries to a fixed release (Go 1.26.0 or later per upstream).
Apply the relevant Red Hat RHSA errata to RHEL, OpenShift, and other Go-based platform packages.
Inventory internal Go services and container images that perform TLS or X.509 verification.
Where patching is delayed, place rate limiting or connection caps in front of exposed TLS endpoints.
Track vendor advisories for third-party Go-based products pending fixed releases.
Validation and detection
Query `go version` on build hosts and running binaries to confirm a fixed Go toolchain.
Use govulncheck against source and binaries to detect GO-2026-4947 exposure.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-770: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.