[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-32281":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":97,"related":98,"reserved_at":9,"published_at":129,"modified_at":130,"state":131,"summary":132,"references_raw":141,"kevs":167,"epss":168,"epss_history":171,"metrics":346,"affected":354},"CVE-2026-32281","Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[29,30],"GO-2026-4946","BIT-golang-2026-32281",[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95],{"_key":34},"OPENSUSE-SU-2026:10514-1",{"_key":36},"OPENSUSE-SU-2026:10525-1",{"_key":38},"SUSE-SU-2026:1320-1",{"_key":40},"SUSE-SU-2026:1321-1",{"_key":42},"OPENSUSE-SU-2026:20570-1",{"_key":44},"OPENSUSE-SU-2026:20571-1",{"_key":46},"SUSE-SU-2026:1580-1",{"_key":48},"SUSE-SU-2026:1581-1",{"_key":50},"DEBIAN-CVE-2026-32281",{"_key":52},"MGASA-2026-0143",{"_key":54},"MGASA-2026-0147",{"_key":56},"UBUNTU-CVE-2026-32281",{"_key":58},"RHSA-2026:10217",{"_key":60},"RHSA-2026:16021",{"_key":62},"RHSA-2026:16024",{"_key":64},"RHSA-2026:18027",{"_key":66},"RHSA-2026:19135",{"_key":68},"RHSA-2026:19353",{"_key":70},"RHSA-2026:19719",{"_key":72},"RHSA-2026:19720",{"_key":74},"RHSA-2026:19721",{"_key":76},"RHSA-2026:19839",{"_key":78},"RHSA-2026:20556",{"_key":80},"RHSA-2026:20569",{"_key":82},"RHSA-2026:20570",{"_key":84},"RHSA-2026:20571",{"_key":86},"RHSA-2026:22141",{"_key":88},"RHSA-2026:22309",{"_key":90},"RHSA-2026:23102",{"_key":92},"RHSA-2026:23103",{"_key":94},"RHSA-2026:7291",{"_key":96},"RHSA-2026:7385",[],[99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":128},"CGA-MHQ6-CW97-RCC6","2026-04-08T01:06:58.354Z","2026-04-13T18:19:44.779Z","Analyzed",{"cisa_kev":133,"cisa_ransomware":133,"cisa_vendor":9,"epss_severity":134,"epss_score":135,"severity":136,"severity_score":137,"severity_version":138,"severity_source":139,"severity_vector":140,"severity_status":131},false,"low",0.00022,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[142,150,156,162],{"url":143,"sources":144,"tags":147},"https://go.dev/cl/758061",[139,145,146],"nvd","osv_go",[148,149],"FIX","Patch",{"url":151,"sources":152,"tags":153},"https://go.dev/issue/78281",[139,145,146],[154,155],"REPORT","Issue Tracking",{"url":157,"sources":158,"tags":159},"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",[139,145,146],[160,161,155],"WEB","Release Notes",{"url":163,"sources":164,"tags":165},"https://pkg.go.dev/vuln/GO-2026-4946",[139,145],[166],"Vendor Advisory",[],{"date":169,"score":135,"percentile":170},"2026-06-05",0.06417,[172,176,178,181,184,187,189,193,196,199,203,206,209,212,215,218,221,224,227,230,233,236,239,242,244,247,250,253,256,258,261,264,267,271,274,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345],{"date":173,"score":174,"percentile":175},"2026-04-08",0.00007,0.0045,{"date":177,"score":174,"percentile":175},"2026-04-09",{"date":179,"score":174,"percentile":180},"2026-04-10",0.00452,{"date":182,"score":174,"percentile":183},"2026-04-11",0.00451,{"date":185,"score":174,"percentile":186},"2026-04-12",0.00447,{"date":188,"score":174,"percentile":186},"2026-04-13",{"date":190,"score":191,"percentile":192},"2026-04-14",0.00021,0.05491,{"date":194,"score":191,"percentile":195},"2026-04-15",0.05494,{"date":197,"score":191,"percentile":198},"2026-04-16",0.05503,{"date":200,"score":201,"percentile":202},"2026-04-17",0.00018,0.04456,{"date":204,"score":201,"percentile":205},"2026-04-18",0.04457,{"date":207,"score":201,"percentile":208},"2026-04-19",0.04449,{"date":210,"score":201,"percentile":211},"2026-04-20",0.04436,{"date":213,"score":201,"percentile":214},"2026-04-21",0.04595,{"date":216,"score":201,"percentile":217},"2026-04-22",0.04606,{"date":219,"score":201,"percentile":220},"2026-04-23",0.04631,{"date":222,"score":201,"percentile":223},"2026-04-24",0.04636,{"date":225,"score":201,"percentile":226},"2026-04-25",0.04673,{"date":228,"score":201,"percentile":229},"2026-04-26",0.0467,{"date":231,"score":201,"percentile":232},"2026-04-27",0.04658,{"date":234,"score":201,"percentile":235},"2026-04-28",0.04675,{"date":237,"score":201,"percentile":238},"2026-04-29",0.04696,{"date":240,"score":201,"percentile":241},"2026-04-30",0.0471,{"date":243,"score":201,"percentile":241},"2026-05-01",{"date":245,"score":201,"percentile":246},"2026-05-02",0.04711,{"date":248,"score":201,"percentile":249},"2026-05-03",0.04701,{"date":251,"score":201,"percentile":252},"2026-05-04",0.04698,{"date":254,"score":201,"percentile":255},"2026-05-05",0.04693,{"date":257,"score":201,"percentile":255},"2026-05-06",{"date":259,"score":201,"percentile":260},"2026-05-07",0.04731,{"date":262,"score":201,"percentile":263},"2026-05-08",0.0473,{"date":265,"score":201,"percentile":266},"2026-05-09",0.04775,{"date":268,"score":269,"percentile":270},"2026-05-10",0.00019,0.0545,{"date":272,"score":269,"percentile":273},"2026-05-11",0.05443,{"date":275,"score":269,"percentile":273},"2026-05-12",{"date":277,"score":269,"percentile":278},"2026-05-13",0.05457,{"date":280,"score":269,"percentile":281},"2026-05-14",0.05446,{"date":283,"score":269,"percentile":284},"2026-05-15",0.05451,{"date":286,"score":269,"percentile":287},"2026-05-16",0.05463,{"date":289,"score":269,"percentile":290},"2026-05-17",0.05458,{"date":292,"score":269,"percentile":293},"2026-05-18",0.05439,{"date":295,"score":269,"percentile":296},"2026-05-19",0.05434,{"date":298,"score":269,"percentile":299},"2026-05-20",0.05433,{"date":301,"score":269,"percentile":302},"2026-05-21",0.0543,{"date":304,"score":135,"percentile":305},"2026-05-22",0.06454,{"date":307,"score":135,"percentile":308},"2026-05-23",0.06457,{"date":310,"score":135,"percentile":311},"2026-05-24",0.06459,{"date":313,"score":135,"percentile":314},"2026-05-25",0.06437,{"date":316,"score":135,"percentile":317},"2026-05-26",0.06415,{"date":319,"score":135,"percentile":320},"2026-05-27",0.0645,{"date":322,"score":135,"percentile":323},"2026-05-28",0.06542,{"date":325,"score":135,"percentile":326},"2026-05-29",0.06563,{"date":328,"score":135,"percentile":329},"2026-05-30",0.06552,{"date":331,"score":135,"percentile":332},"2026-05-31",0.06534,{"date":334,"score":135,"percentile":335},"2026-06-01",0.06502,{"date":337,"score":135,"percentile":338},"2026-06-02",0.06427,{"date":340,"score":135,"percentile":341},"2026-06-03",0.06377,{"date":343,"score":135,"percentile":344},"2026-06-04",0.06387,{"date":169,"score":135,"percentile":170},[347,352],{"source":139,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":348,"cvss_v4_0":9},{"baseScore":137,"baseSeverity":349,"vectorString":140,"impactScore":350,"exploitabilityScore":351},"HIGH",6,10,{"source":145,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":353,"cvss_v4_0":9},{"baseScore":137,"baseSeverity":349,"vectorString":140,"impactScore":350,"exploitabilityScore":351},[355,370,380],{"ecosystem":9,"name":356,"vendor":357,"product":356,"cpe_part":358,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":359},"crypto/x509","go standard library","a",[360,365],{"version":361,"is_range":362,"range_type":139,"version_start":9,"version_start_type":9,"version_end":363,"version_end_type":364,"fixed_in":9},"\u003C 1.25.9",true,"1.25.9","excluding",{"version":366,"is_range":362,"range_type":139,"version_start":367,"version_start_type":368,"version_end":369,"version_end_type":364,"fixed_in":9},">= 1.26.0-0, \u003C 1.26.2","1.26.0-0","including","1.26.2",{"ecosystem":9,"name":371,"vendor":372,"product":371,"cpe_part":358,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":373},"go","golang",[374,377],{"version":375,"is_range":362,"range_type":376,"version_start":9,"version_start_type":9,"version_end":363,"version_end_type":364,"fixed_in":9},"lt1.25.9","cpe",{"version":378,"is_range":362,"range_type":376,"version_start":379,"version_start_type":368,"version_end":369,"version_end_type":364,"fixed_in":9},"gte1.26.0_lt1.26.2","1.26.0",{"ecosystem":381,"name":382,"vendor":381,"product":382,"cpe_part":9,"purl_type":372,"purl_namespace":9,"purl_name":382,"source":9,"versions":383},"Go","stdlib",[384],{"version":385,"is_range":362,"range_type":386,"version_start":367,"version_start_type":368,"version_end":369,"version_end_type":364,"fixed_in":9},"gte1_26_0_0_lt1_26_2","semver"]