CVE-2026-42508
9.1 CRITICALPreviously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation
Published: 2026-05-22 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-295
Affected products
| Vendor | Product |
|---|---|
| golang | crypto |
Description
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-42506 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-42502 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-39821 — The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
- CVE-2026-27136 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-25681 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
Same CWE
- CVE-2026-53475 — A flaw was found in assisted-migration-agent (9.3 CRITICAL)
- CVE-2026-9758 — Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered tru... (7.3 HIGH)
- CVE-2026-41714 — Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(... (4.0 MEDIUM)
- CVE-2026-42769 — Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (... (5.3 MEDIUM)
- CVE-2026-50752 — A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a... (7.4 HIGH)