CVE-2026-42505
Invoking Encrypted Client Hello privacy leak in crypto/tls
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
| Vendor | go standard library |
| Product | crypto/tls |
| Published | Jul 8, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for go standard library crypto/tls
Be the first to know when new medium vulnerabilities affecting go standard library crypto/tls are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Go standard library / crypto/tls
0 < 1.25.12 1.26.0-0 < 1.26.5 1.27.0-0 < 1.27.0-rc.2
References
Credits
Coia Prant (github.com/rbqvq)