Impact
The Go standard library’s crypto/x509 package contains a flaw in its handling of rfc822Name (email address) name constraints: when a CA certificate carries several email constraints that share a local part but differ in domain, every constraint except the last one is ignored. A certificate chain can therefore pass verification for a mailbox that the issuing CA’s constraints were meant to rule out, so an attacker holding a certificate issued under such a CA can present it as valid for an address it should not be allowed to represent. The vulnerability is classified as CWE‑295 (Improper Certificate Validation).
Affected Systems
The affected product is the Go standard library’s crypto/x509 package. Any Go program that relies on the package’s chain verification (Certificate.Verify, which crypto/tls uses by default for both client and server certificate checks) and may encounter name-constrained CAs could be impacted: web servers, HTTPS clients, mail systems, and other services that validate X.509 certificates. Because the standard library is compiled into each Go binary, the fix arrives with the toolchain and does not take effect until affected binaries are rebuilt with a patched Go; `go version -m <binary>` shows which toolchain a binary was built with. No specific version range is provided in the advisory, so all releases before the fix should be considered vulnerable until an update is applied.
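Added diagnostic, not code from the advisory or from the Go project: the program below builds CAs whose rfc822Name constraints have the shape the advisory describes (two exact mailboxes sharing a local part and differing by domain), once as a permitted list and once as an excluded list, issues leaf certificates under each, and records whether the running toolchain’s crypto/x509 accepts them against the RFC 5280 expectation. The mailboxes and the `a.example`/`b.example`/`c.example` domains are constructed for the test, and the `must`, `baseCert`, `issue`, `accepted` and `ProbeEmailConstraints` helpers are this example’s own. The block assumes Go 1.18 or later (generics). It asserts the correct behaviour rather than reproducing the flaw; on a toolchain that ignores all but the last same-local-part constraint, the checks for the first mailbox in each list would be the ones that disagree.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Check is one probe: the CA's constraint list (Scenario), the email in the leaf SAN,
// the RFC 5280 expectation (Want) and what this toolchain's Verify did (Got).
type Check struct {
	Scenario, Email string
	Want, Got       bool
}

// must panics on a setup error; this is a diagnostic, not production code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func baseCert(cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
}

// issue signs t under a fresh P-256 key; a nil parentKey (with parent == t) self-signs.
func issue(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parentKey == nil {
		parentKey = key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// accepted verifies leaf against a pool holding only ca; a name-constraint rejection is the
// outcome being measured, anything else is a setup bug.
func accepted(ca, leaf *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	var cie x509.CertificateInvalidError
	if err != nil && !(errors.As(err, &cie) && cie.Reason == x509.CANotAuthorizedForThisName) {
		panic(err)
	}
	return err == nil
}

// ProbeEmailConstraints runs the advisory's constraint shape (two exact mailboxes sharing a
// local part, differing by domain) as a permitted and as an excluded list. Names are constructed.
func ProbeEmailConstraints() []Check {
	type leaf struct{ email string; want bool } // want: accepted under RFC 5280 semantics
	scenarios := []struct {
		name                string
		permitted, excluded []string
		leaves              []leaf
	}{
		{"permitted", []string{"alice@a.example", "alice@b.example"}, nil, []leaf{
			{"alice@a.example", true}, {"alice@b.example", true},
			{"alice@c.example", false}, {"bob@a.example", false},
		}},
		{"excluded", nil, []string{"alice@a.example", "alice@b.example"}, []leaf{
			{"alice@a.example", false}, {"alice@b.example", false},
			{"carol@a.example", true},
		}},
	}
	var out []Check
	for _, s := range scenarios {
		ca := baseCert("constrained test CA")
		ca.KeyUsage, ca.BasicConstraintsValid, ca.IsCA = x509.KeyUsageCertSign, true, true
		ca.PermittedEmailAddresses, ca.ExcludedEmailAddresses = s.permitted, s.excluded
		caCert, caKey := issue(ca, ca, nil)
		for _, l := range s.leaves {
			t := baseCert(l.email)
			t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
			t.EmailAddresses = []string{l.email} // the only SAN, so it is what the constraints apply to
			leafCert, _ := issue(t, caCert, caKey)
			out = append(out, Check{s.name, l.email, l.want, accepted(caCert, leafCert)})
		}
	}
	return out
}

func main() {
	allEnforced := true
	for _, c := range ProbeEmailConstraints() {
		fmt.Printf("%-9s %-16s want=%-5v got=%-5v\n", c.Scenario, c.Email, c.Want, c.Got)
		allEnforced = allEnforced && c.Want == c.Got
	}
	fmt.Println("every rfc822Name constraint enforced:", allEnforced)
}
```

Run it with the toolchain that built the binary under review; any row where `want` and `got` differ means that toolchain is not enforcing every email constraint. The excluded-list scenario is the one that matters for impersonation, since a skipped exclusion accepts a mailbox the CA was meant to block, whereas a skipped permitted entry only rejects a legitimate one.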
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, but the EPSS score of less than 1% shows that the current odds of exploitation are low, and the vulnerability is not listed in the CISA KEV catalog. The flaw is reachable wherever a Go program verifies a certificate chain that passes through a CA carrying email name constraints; since such constraints are what scope a delegated or subordinate CA to particular mailboxes, the realistic setting is an attacker who can obtain a certificate issued under a constrained CA and presents a chain whose leaf names a mailbox that CA was not entitled to certify. A vulnerable verifier accepts that chain, which can permit impersonation of the mailbox or unauthorized access in systems that use certificate-bound email identities.
OpenCVE Enrichment