CVE-2026-27138

MEDIUM

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationRuntime & IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-27137) and denial of service (CVE-2026-27138)

Details

CVSS v3: 5.9
NVD published: 2026-03-06 22:16:00
EPSS: <0.1% probability · 10.0th percentile — 2026-04-23
Affected versions: cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*
Summary: Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.