Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Dates

Published: 2026-04-08 · Last Modified: 2026-04-16

Weaknesses

References

• https://go.dev/cl/758061
• https://go.dev/issue/78281
• https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
• https://pkg.go.dev/vuln/GO-2026-4946