{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-27137","assignerOrgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","state":"PUBLISHED","assignerShortName":"Go","dateReserved":"2026-02-17T19:57:28.434Z","datePublished":"2026-03-06T21:28:13.748Z","dateUpdated":"2026-07-09T12:09:27.963Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","shortName":"Go","dateUpdated":"2026-03-08T05:56:20.771Z"},"title":"Incorrect enforcement of email constraints in crypto/x509","descriptions":[{"lang":"en","value":"When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."}],"affected":[{"vendor":"Go standard library","product":"crypto/x509","collectionURL":"https://pkg.go.dev","packageName":"crypto/x509","versions":[{"version":"1.26.0-0","lessThan":"1.26.1","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"newEmailConstraints"},{"name":"emailConstraints.query"},{"name":"checkConstraints"},{"name":"checkChainConstraints"},{"name":"parseMailboxes"},{"name":"Certificate.Verify"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-295: Improper Certificate Validation"}]}],"references":[{"url":"https://go.dev/cl/752182"},{"url":"https://go.dev/issue/77952"},{"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"},{"url":"https://pkg.go.dev/vuln/GO-2026-4599"}],"credits":[{"lang":"en","value":"Jakub Ciolek"}]},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-03-10T13:32:09.097820Z","id":"CVE-2026-27137","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-10T13:32:53.202Z"}},{"affected":[{"cpes":["cpe:/a:redhat:edge_manager:1.0::el9"],"defaultStatus":"affected","product":"RHEM 1.0 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:17.1","cpe:/a:redhat:openstack:17.1::el9"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:devworkspace:0.40::el9"],"defaultStatus":"affected","product":"DevWorkspace Operator 0.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:6.0::el9"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift 6.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:6.2::el9"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift 6.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:6.4::el9"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift 6.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_globalhub:1.3::el9"],"defaultStatus":"affected","product":"Multicluster Global Hub 1.3.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_globalhub:1.4::el9"],"defaultStatus":"affected","product":"Multicluster Global Hub 1.4.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_globalhub:1.5::el9"],"defaultStatus":"affected","product":"Multicluster Global Hub 1.5.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_globalhub:1.6::el9"],"defaultStatus":"affected","product":"Multicluster Global Hub 1.6.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_api_data_protection:1.4::el9"],"defaultStatus":"affected","product":"OpenShift API for Data Protection 1.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_api_data_protection:1.5::el9"],"defaultStatus":"affected","product":"OpenShift API for Data Protection 1.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2.15::el9"],"defaultStatus":"affected","product":"Red Hat Advanced Cluster Management for Kubernetes 2.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"defaultStatus":"affected","product":"Red Hat Ansible Automation Platform 2.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"],"defaultStatus":"affected","product":"Red Hat Lightspeed (formerly Insights) for Runtimes 1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_builds:1.6::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Builds 1.6.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Builds 1.7.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.27","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_gitops:1.18::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift GitOps 1.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_gitops:1.19::el8"],"defaultStatus":"affected","product":"Red Hat OpenShift GitOps 1.19","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_gitops:1.20::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift GitOps 1.20","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift distributed tracing 3.9.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3.16::el9"],"defaultStatus":"affected","product":"Red Hat Quay 3.16","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6.18::el9"],"defaultStatus":"affected","product":"Red Hat Satellite 6.18","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"defaultStatus":"affected","product":"Red Hat Trusted Artifact Signer 1.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:webterminal:1.11::el9"],"defaultStatus":"affected","product":"Red Hat Web Terminal 1.11","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:webterminal:1.12::el9"],"defaultStatus":"affected","product":"Red Hat Web Terminal 1.12","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:webterminal:1.13::el9"],"defaultStatus":"affected","product":"Red Hat Web Terminal 1.13","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:webterminal:1.14::el9"],"defaultStatus":"affected","product":"Red Hat Web Terminal 1.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:webterminal:1.15::el9"],"defaultStatus":"affected","product":"Red Hat Web Terminal 1.15","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:assisted_installer:2"],"defaultStatus":"affected","product":"Assisted Installer for Red Hat OpenShift Container Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:confidential_compute_attestation:1"],"defaultStatus":"affected","product":"Confidential Compute Attestation","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:deployment_validator_operator"],"defaultStatus":"affected","product":"Deployment Validation Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ext_dns_optr:1"],"defaultStatus":"affected","product":"ExternalDNS Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:workload_availability_far:0"],"defaultStatus":"affected","product":"Fence Agents Remediation Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:gatekeeper:3"],"defaultStatus":"affected","product":"Gatekeeper 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:5"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:lvms:4"],"defaultStatus":"affected","product":"Logical Volume Manager Storage","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhmt:1"],"defaultStatus":"affected","product":"Migration Toolkit for Containers","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:1"],"defaultStatus":"affected","product":"mirror registry for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ocp_tools"],"defaultStatus":"affected","product":"OpenShift Developer Tools and Services","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_lightspeed"],"defaultStatus":"affected","product":"OpenShift Lightspeed","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"affected","product":"OpenShift Serverless","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"],"defaultStatus":"affected","product":"Red Hat 3scale API Management Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:certifications:9"],"defaultStatus":"affected","product":"Red Hat Certification Program for Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:connectivity_link:1"],"defaultStatus":"affected","product":"Red Hat Connectivity Link 1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhdh:1"],"defaultStatus":"affected","product":"Red Hat Developer Hub","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_cluster_manager_cli:1"],"defaultStatus":"affected","product":"Red Hat OpenShift Cluster Manager CLI","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_data_foundation:4"],"defaultStatus":"affected","product":"Red Hat Openshift Data Foundation 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_service_on_aws:1"],"defaultStatus":"affected","product":"Red Hat OpenShift on AWS","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"affected","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3"],"defaultStatus":"affected","product":"Red Hat Quay 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6"],"defaultStatus":"affected","product":"Red Hat Satellite 6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3"],"defaultStatus":"affected","product":"streams for Apache Kafka 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"],"defaultStatus":"affected","product":"Zero Trust Workload Identity Manager","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"affected","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cert_manager:1"],"defaultStatus":"unaffected","product":"cert-manager Operator for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_compliance_operator:1"],"defaultStatus":"unaffected","product":"Compliance Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cryostat:4"],"defaultStatus":"unaffected","product":"Cryostat 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"],"defaultStatus":"unaffected","product":"Custom Metric Autoscaler operator for Red Hat Openshift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:external_secrets_operator:1"],"defaultStatus":"unaffected","product":"External Secrets Operator for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_file_integrity_operator:1"],"defaultStatus":"unaffected","product":"File Integrity Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:workload_availability_mdr:0"],"defaultStatus":"unaffected","product":"Machine Deletion Remediation Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:migration_toolkit_applications:8"],"defaultStatus":"unaffected","product":"Migration Toolkit for Applications 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:mirror_registry:2"],"defaultStatus":"unaffected","product":"mirror registry for Red Hat OpenShift 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine"],"defaultStatus":"unaffected","product":"Multicluster Engine for Kubernetes","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:network_observ_optr:1"],"defaultStatus":"unaffected","product":"Network Observability Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:workload_availability_nhc:0"],"defaultStatus":"unaffected","product":"Node HealthCheck Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:2"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_power_monitoring"],"defaultStatus":"unaffected","product":"Power monitoring for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"unaffected","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:ansible_automation_platform:2"],"defaultStatus":"unaffected","product":"Red Hat Ansible Automation Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:edge_manager:1"],"defaultStatus":"unaffected","product":"Red Hat Edge Manager 1","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"unaffected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:windows_machine_config"],"defaultStatus":"unaffected","product":"Red Hat OpenShift for Windows Containers","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_interconnect:1"],"defaultStatus":"unaffected","product":"Red Hat Service Interconnect 1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_interconnect:2"],"defaultStatus":"unaffected","product":"Red Hat Service Interconnect 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_security_profiles_operator:1"],"defaultStatus":"unaffected","product":"Security Profiles Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:stf:1.5"],"defaultStatus":"unaffected","product":"Service Telemetry Framework 1.5","vendor":"Red Hat"}],"datePublic":"2026-03-06T21:28:13.748Z","descriptions":[{"lang":"en","value":"A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-27137"},{"name":"RHBZ#2445345","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445345"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27137.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:36796"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28047"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10929"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8842"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10169"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19022"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22937"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19049"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22450"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19132"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28038"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19181"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23228"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22714"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9872"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26585"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:11800"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22862"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22423"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22347"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5110"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21769"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23345"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29854"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26568"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7291"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9052"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9697"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9698"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9699"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19375"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14879"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10250"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10225"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8337"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8167"}],"solutions":[{"lang":"en","value":"RHSA-2026:36796: RHEM 1.0 for RHEL 9"},{"lang":"en","value":"RHSA-2026:28047: Red Hat OpenStack Platform 17.1"},{"lang":"en","value":"RHSA-2026:10929: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:8842: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:10169: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:19022: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:19049: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:19181: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:9872: DevWorkspace Operator 0.4"},{"lang":"en","value":"RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"},{"lang":"en","value":"RHSA-2026:11800: Logging Subsystem for Red Hat OpenShift 6.2"},{"lang":"en","value":"RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"},{"lang":"en","value":"RHSA-2026:22423: Multicluster Global Hub 1.3.4"},{"lang":"en","value":"RHSA-2026:22347: Multicluster Global Hub 1.4.5"},{"lang":"en","value":"RHSA-2026:5110: Multicluster Global Hub 1.5.4"},{"lang":"en","value":"RHSA-2026:21769: Multicluster Global Hub 1.5.4"},{"lang":"en","value":"RHSA-2026:23345: Multicluster Global Hub 1.6.2"},{"lang":"en","value":"RHSA-2026:29854: OpenShift API for Data Protection 1.4"},{"lang":"en","value":"RHSA-2026:26568: OpenShift API for Data Protection 1.5"},{"lang":"en","value":"RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"},{"lang":"en","value":"RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"},{"lang":"en","value":"RHSA-2026:7291: Red Hat Hardened Images"},{"lang":"en","value":"RHSA-2026:9052: Red Hat Lightspeed (formerly Insights) for Runtimes 1"},{"lang":"en","value":"RHSA-2026:10184: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:5549: Red Hat OpenShift Builds 1.6.5"},{"lang":"en","value":"RHSA-2026:10158: Red Hat OpenShift Builds 1.7.4"},{"lang":"en","value":"RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"},{"lang":"en","value":"RHSA-2026:9697: Red Hat OpenShift GitOps 1.18"},{"lang":"en","value":"RHSA-2026:9698: Red Hat OpenShift GitOps 1.19"},{"lang":"en","value":"RHSA-2026:9699: Red Hat OpenShift GitOps 1.20"},{"lang":"en","value":"RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"},{"lang":"en","value":"RHSA-2026:19375: Red Hat Quay 3.16"},{"lang":"en","value":"RHSA-2026:14879: Red Hat Satellite 6.18"},{"lang":"en","value":"RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"},{"lang":"en","value":"RHSA-2026:10250: Red Hat Web Terminal 1.11"},{"lang":"en","value":"RHSA-2026:10225: Red Hat Web Terminal 1.12"},{"lang":"en","value":"RHSA-2026:8338: Red Hat Web Terminal 1.13"},{"lang":"en","value":"RHSA-2026:8337: Red Hat Web Terminal 1.14"},{"lang":"en","value":"RHSA-2026:8167: Red Hat Web Terminal 1.15"}],"timeline":[{"lang":"en","time":"2026-03-06T22:01:38.859Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-06T21:28:13.748Z","value":"Made public."}],"title":"crypto/x509: Incorrect enforcement of email constraints in crypto/x509","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-09T12:09:27.963Z"}}]}}