High severity8.2NVD Advisory· Published Apr 8, 2026· Updated Apr 20, 2026

CVE-2026-33810

Description

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Affected products

Golang/Go
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
Range: >=1.26.0,<1.26.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

go.dev/cl/763763nvdPatch
pkg.go.dev/vuln/GO-2026-4866nvdVendor Advisory
go.dev/issue/78332nvdIssue Tracking
groups.google.com/g/golang-announce/c/0uYbvbPZRWUnvdMailing ListRelease Notes
www.openwall.com/lists/oss-security/2026/04/19/4nvd
www.openwall.com/lists/oss-security/2026/04/20/1nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000