CVE-2026-32280

ADVISORY - nist

Summary

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

EPSS Score⁠: 0.00007 (0.004)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

GoLang

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDGO-2026-4947⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
stdlib	golang	-	-	<1.25.9	1.25.9
stdlib	golang	-	-	>=1.26.0-0,<1.26.2	1.26.2

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

2 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-32280⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

7.5high

Debian

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-32280⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-32280⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium