Multiple CVEs Cause Panic in Go's Certificate Validation

Multiple CVEs Cause Panic in Go's Certificate Validation

First seen 18 Feb 2026, 12:23 UTC Api.Msrc.Microsoft 74% similarity 46.1

Article Content

Browse articles
ThreatCluster

Two vulnerabilities have been identified in Go's crypto/x509 package affecting TLS clients. CVE-2022-27536, published on April 20, 2022, allows a remote TLS server to cause a panic on macOS with malformed certificates. CVE-2025-58188, published on October 29, 2025, results in a panic when validating certificates with DSA public keys.

ThreatCluster AI

Timeline

2022-04-20
CVE-2022-27536 published
2025-10-29
CVE-2025-58188 published
2026-02-18
Both CVEs reported in articles

Community

Browse all →