By weakness (CWE)
CWE-606: related vulnerabilities
CVEs classified under CWE-606. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-27145MEDIUM 6.5
Go's x509 certificate hostname verification process had a performance flaw where it unnecessarily repeated the same string-splitting operation for each DNS Subject Alternative Name (SAN) entry on a certificate. When a certificate listed many DNS SANs, verification became progressively slower—scaling with both the number of SANs and the complexity of the hostname being checked. The flaw affected all certificate verification, including checks on untrusted certificates, making it possible for an attacker to craft a certificate with an extremely large SAN list that would cause significant CPU overhead during validation.