๐Ÿ” CVE Alert

CVE-2026-42505

MEDIUM 5.3

Invoking Encrypted Client Hello privacy leak in crypto/tls

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Vendor go standard library
Product crypto/tls
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for go standard library crypto/tls

Be the first to know when new medium vulnerabilities affecting go standard library crypto/tls are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Go standard library / crypto/tls
0 < 1.25.12 1.26.0-0 < 1.26.5 1.27.0-0 < 1.27.0-rc.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
go.dev: https://go.dev/cl/775960 go.dev: https://go.dev/issue/79282 groups.google.com: https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-5856

Credits

Coia Prant (github.com/rbqvq)