CVE-2026-27145
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caus
CVSS
6.5
Medio
EPSS
0.9%
p57
KEV
—
Exploit Today
17
0-100
Publicado: 2 jun 2026 · Última mod.: 16 jul 2026 · CWE-606
0.7%EPSS · 30 días0.9%
2026-06-302026-07-16
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
- go.devhttps://go.dev/cl/783621
- go.devhttps://go.dev/issue/79694
- groups.google.comhttps://groups.google.com/g/golang-announce/c/tKs3rmcBcKw
- pkg.go.devhttps://pkg.go.dev/vuln/GO-2026-5037
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23262
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:23264
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:29981
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33574
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34357
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34359
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35832
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36317
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36648
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36797
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:38995
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:39005
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:39573
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:39879
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-27145
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2484207
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-15197.5 ALT72.2%
——22If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.2dCVE-2026-416065.3 MED63.1%
——19Uncontrolled Recursion vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.2dCVE-2026-398207.5 ALT51.9%
——16Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.15hCVE-2026-338147.5 ALT51.8%
——16When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.2dCVE-2026-338917.5 ALT44.5%
——13Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.2dCVE-2026-442897.5 ALT43.8%
——13protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding. This vulnerability is fixed in 7.5.6 and 8.0.2.2d