2445345 – (CVE-2026-27137) CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509

Bug 2445345 (CVE-2026-27137) - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509

Summary: CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in cry...

Keywords:
Status:	NEW
Alias:	CVE-2026-27137
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2446047
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-06 22:02 UTC by OSIDB Bzimport
Modified:	2026-05-14 06:38 UTC (History)
CC List:	129 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:10169	None	None	None	2026-04-23 17:46:11 UTC
Red Hat Product Errata	RHSA-2026:10929	None	None	None	2026-04-27 13:50:41 UTC
Red Hat Product Errata	RHSA-2026:8842	None	None	None	2026-04-20 00:34:17 UTC

Description OSIDB Bzimport 2026-03-06 22:02:01 UTC

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Comment 8 errata-xmlrpc 2026-04-20 00:34:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:8842 https://access.redhat.com/errata/RHSA-2026:8842

Comment 9 errata-xmlrpc 2026-04-23 17:46:02 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10169 https://access.redhat.com/errata/RHSA-2026:10169

Comment 10 errata-xmlrpc 2026-04-27 13:50:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:10929 https://access.redhat.com/errata/RHSA-2026:10929

Note You need to log in before you can comment on or make changes to this bug.

aazores
abarbaro
abrianik
akostadi
akoudelk
alcohan
alebedev
alizardo
amasferr
anjoseph
anpicker
ansmith
anthomas
bbrownin
bdettelb
bparees
chfoley
ckandaga
cmah
crizzo
dhanak
dmayorov
doconnor
drosa
dschmidt
dsimansk
dymurray
eaguilar
ebaron
eborisov
eglynn
ehelms
erezende
fdeutsch
ggainey
ggrzybek
gparvin
hasun
ibolton
jbalunas
jburrell
jcantril
jchui
jeder
jfula
jhe
jjoyce
jkoehler
jlanda
jlledo
jmatthew
jmontleo
jolong
jowilson
jprabhak
jpretori
jraez
jschluet
juwatts
kingland
kshier
ktsao
kverlaen
lball
lbragsta
lchilton
lgamliel
lhh
lphiri
manissin
mbocek
mburns
mgarciac
mhulan
mnovotny
mrunge
mwringe
nboldt
ngough
nmoumoul
nyancey
oaljalju
ometelka
oramraz
osousa
pahickey
pantinor
parichar
pcreech
peholase
pgaikwad
pjindal
psrna
ptisnovs
pvasanth
rchan
rfreiman
rgodfrey
rhaigner
rhel-process-autobot
rjohnson
rojacob
sakbas
sausingh
sdawley
sfeifer
simaishi
slucidi
smallamp
smcdonal
smullick
sseago
stcannon
stirabos
swoodman
syedriko
tasato
teagle
thason
tmalecek
tsedmik
veshanka
vimartin
watson-tool-maintainers
wenshen
whayutin
wtam
xdharmai
yguenane