CRITICAL🇵🇱 Wersja polska

CVE-2025-68121

CVSS 10.0v3.1pub. 2026-02-05upd. 2026-04-29

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

🤖 AI Analysis
How it works

During TLS session resumption, the crypto/tls library does not account for changes made to the ClientCAs or RootCAs fields of the Config object after the initial handshake. If a user clones the configuration via Config.Clone and modifies the resulting object, or uses the Config.GetConfigForClient method, the resumed session may proceed according to outdated validation rules. As a result, certificate verification during session resumption relies on the old configuration state rather than the current one.

Impact

An attacker can resume a TLS session with a client or server that would not be accepted during a new full handshake — effectively bypassing certificate-based trust validation (CWE-295: Improper Certificate Validation). This can lead to unauthorized access to resources or acceptance of connections from entities that should be rejected.

Mitigation & patch

Apply patches available from the vendor according to the references (https://go.dev/cl/737700, https://pkg.go.dev/vuln/GO-2026-4337). Until an update is applied, it is recommended to avoid mutating the ClientCAs and RootCAs fields after performing the initial TLS handshake, and to limit the use of Config.Clone and Config.GetConfigForClient in scenarios requiring dynamic changes to the certificate pool.

Who is affected

Applications written in Go that use the crypto/tls library, where TLS configuration (ClientCAs or RootCAs fields) is modified after the initial handshake — particularly when using Config.Clone or Config.GetConfigForClient. Specific versions are indicated in the vendor's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Golang Go

    APP
    Golang
    1.26.0< 1.24.131.25.0 – 1.25.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-27143CRITICAL9.8PL ✓ten sam produkt

Błąd arytmetyczny w kompilatorze Golang Go prowadzący do uszkodzenia pamięci

CVE-2025-66630CRITICAL9.2PL ✓ten sam produkt

Przewidywalne UUID w Fiber v2 — podatność na generowanie słabych identyfikatorów

CVE-2024-24790CRITICAL9.8PL ✓ten sam produkt

Błędna klasyfikacja adresów IPv4-mapped IPv6 w bibliotece standardowej Go

CVE-2023-39320CRITICAL9.8ten sam produkt

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relati...

CVE-2023-29405CRITICAL9.8ten sam produkt

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" o...