Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Published: 2026-02-05
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug resides in the session resumption path of Go's crypto/tls library. If the ClientCAs or RootCAs of a Config change after a successful handshake, for instance because the application mutates a Config returned by Config.Clone or uses Config.GetConfigForClient, the resumed handshake may succeed even though the new configuration would not have permitted the original connection. The flaw is mapped to CWE-295 (improper certificate validation). As a result, a client may resume a session with a server it would not have connected to initially, or a server may resume a session with a client it would otherwise have rejected.

Affected Systems

Vulnerable systems are those running Go 1.26.0 release candidates 1 and 2, or any builds that include the unpatched crypto/tls package. The flaw affects the standard library's TLS implementation and may impact any Go application that relies on session resumption in secure communication.

Risk and Exploitability

The CVSS score of 9.1 indicates critical severity, while the EPSS score of < 1% suggests a low likelihood of exploitation at this time. The vulnerability is not yet listed in CISA's KEV catalog. An attacker would need to influence the TLS configuration between handshakes or control the configuration flow, which makes the attack vector indirect. The flaw could nonetheless enable unauthorized session resumption if the application does not keep the configuration static for the lifetime of a session.

Generated by OpenCVE AI on April 29, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Go 1.26.0 RC2 or later to apply the official fix for crypto/tls.
  • Review application code to ensure that Config objects are not mutated between the initial handshake and any subsequent resumed handshake; if mutation is required, disable session resumption for affected connections.
  • Enforce strict client and server certificate validation on each handshake, including resumed ones, to mitigate the risk of implicit trust due to configuration changes.
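
The second action above, shown as an added example (not code from the Go project or from OpenCVE): a server that builds a fresh Config in GetConfigForClient sets SessionTicketsDisabled on it, so no session can outlive the ClientCAs it was created under. The function name, the example.test host name, the self-signed certificate and the TLS 1.2 pin (needed only for the in-memory pipe) are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// secondHandshakeResumed does two handshakes and reports whether the second one resumed.
func secondHandshakeResumed(harden bool) (resumed bool, err error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, err := x509.ParseCertificate(der) // constructed self-signed test certificate
	if err != nil {
		return false, err
	}
	base := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv := &tls.Config{GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
		c := base.Clone()
		c.ClientCAs = x509.NewCertPool()  // trust anchors differ on every connection
		c.SessionTicketsDisabled = harden // true: this Config neither issues nor accepts tickets
		return c, nil
	}}
	// Assumption: TLS 1.2 keeps handshake flights strictly alternating, so net.Pipe cannot deadlock.
	cli := &tls.Config{RootCAs: x509.NewCertPool(), ServerName: "example.test",
		MaxVersion: tls.VersionTLS12, ClientSessionCache: tls.NewLRUClientSessionCache(4)}
	cli.RootCAs.AddCert(leaf)
	for i := 0; i < 2 && err == nil; i++ {
		cp, sp := net.Pipe()
		go tls.Server(sp, srv).Write([]byte{1}) // server side: handshake, then one byte of data
		c := tls.Client(cp, cli)
		_, err = c.Read(make([]byte, 1)) // drives the client handshake
		resumed = err == nil && c.ConnectionState().DidResume
		cp.Close()
	}
	return resumed, err
}

func main() {
	fmt.Println(secondHandshakeResumed(false)) // mutated Config, resumption left on
	fmt.Println(secondHandshakeResumed(true))  // mutated Config, resumption off
}
```

On the client side the equivalent control is to leave ClientSessionCache unset on any Config whose RootCAs may change.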

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed:
  cvssV3_1: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added:
  cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 21 Feb 2026 17:15:00 +0000

Type: Metrics
Values Removed:
  cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added:
  cvssV3_1: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 12:15:00 +0000

Type: References
Type: Metrics
Values Removed:
  threat_severity: None
Values Added:
  threat_severity: Moderate


Tue, 10 Feb 2026 16:15:00 +0000

Type: First Time appeared
Values Added:
  Golang
  Golang go
Type: CPEs
Values Added:
  cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
  cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*
Type: Vendors & Products
Values Added:
  Golang
  Golang go

Fri, 06 Feb 2026 16:15:00 +0000

Type: Weaknesses
Values Added:
  CWE-295
Type: Metrics
Values Added:
  cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Feb 2026 12:15:00 +0000

Type: First Time appeared
Values Added:
  Go Standard Library
  Go Standard Library crypto Tls
Type: Vendors & Products
Values Added:
  Go Standard Library
  Go Standard Library crypto Tls

Thu, 05 Feb 2026 18:00:00 +0000

Type: Description
Values Added:
  During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Type: Title
Values Added:
  Unexpected session resumption in crypto/tls
Type: References

MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2026-04-29T13:29:25.582Z

Reserved: 2025-12-15T16:48:04.451Z

Link: CVE-2025-68121

Vulnrichment

Updated: 2026-02-06T15:32:38.457Z

NVD

Status: Modified

Published: 2026-02-05T18:16:10.857

Modified: 2026-04-29T14:16:16.170

Link: CVE-2025-68121

Redhat

Severity: Moderate

Public Date: 2026-02-05T17:48:44Z

Links: CVE-2025-68121 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T17:30:16Z

Weaknesses