CVE-2026-27145 in crypto-x509
Summary
by MITRE • 06/03/2026
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/04/2026
This vulnerability represents a significant performance degradation in the x509 certificate verification process that affects the security infrastructure of systems relying on Go's standard library. The flaw exists in the VerifyHostname method of the x509.Certificate type where the matchHostnames function is invoked repeatedly within a loop across all DNS Subject Alternative Name entries. This design pattern creates a computationally expensive operation where strings.Split(host, ".") executes multiple times on identical input hostname values, leading to unnecessary processing overhead.
The technical implementation issue stems from the inefficient algorithmic approach where hostname validation occurs before certificate chain construction, meaning that even untrusted certificates undergo this expensive verification process. This quadratic scaling behavior manifests when certificates contain large DNS SAN lists, causing verification time to increase dramatically with the product of SAN entry count and hostname label complexity. The vulnerability directly impacts the efficiency of certificate validation routines that are fundamental to TLS/SSL operations across numerous applications and systems.
From a cybersecurity perspective, this vulnerability creates potential denial-of-service conditions where malicious actors can craft certificates with extensive SAN lists to consume excessive CPU resources during verification processes. The performance degradation affects systems that process high volumes of certificates, such as load balancers, reverse proxies, and certificate management systems. The issue represents a classic computational complexity problem where the algorithmic design fails to cache or reuse intermediate results, leading to redundant string operations that could be optimized through memoization or pre-processing techniques.
This vulnerability aligns with CWE-502, which covers security weaknesses related to code that does not properly handle input validation or processing efficiency. The operational impact extends beyond simple performance degradation to potentially compromise system availability, particularly in environments where certificate verification occurs frequently or under high load conditions. Attackers could exploit this weakness to create resource exhaustion scenarios that affect service availability, making it a critical concern for infrastructure security.
The mitigation approach should focus on optimizing the hostname matching algorithm to avoid repeated string operations on identical inputs. Implementing proper caching mechanisms for hostname splitting results or restructuring the verification loop to process all SAN entries in a single pass would address the core issue. Security teams should also consider monitoring certificate verification performance metrics to detect potential exploitation attempts. Organizations relying on Go applications should prioritize updating their runtime environments and implementing additional rate limiting or certificate validation controls to prevent exploitation of this performance vulnerability that could be leveraged in broader attack scenarios.