CVE-2026-32283

April 8, 2026, 9:26 p.m.

None
No Score

Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Product(s) Impacted

Vendor Product Versions
Golang
  • Golang
  • *
Tls
  • Tls
  • 1.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a golang golang / / / / / / / /
a tls tls 1.3 / / / / / / /

References

https://go.dev/cl/763767
https://go.dev/issue/78334
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
https://pkg.go.dev/vuln/GO-2026-4870

Tags

[email protected]
2026-04-08
CVE-2026-32283

Timeline

Published: April 8, 2026, 2:16 a.m.
Last Modified: April 8, 2026, 9:26 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.