crypto/x509 — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in crypto/x509, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-32280	Unexpected work during chain building in crypto/x509	7.5^AI	High^AI	2026-04-08
CVE-2026-32281	Inefficient policy validation in crypto/x509	7.5^AI	High^AI	2026-04-08
CVE-2026-33810	Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509	6.5^AI	Medium^AI	2026-04-08
CVE-2026-27138	Panic in name constraint checking for malformed certificates in crypto/x509	7.5	-	2026-03-06
CVE-2026-27137	Incorrect enforcement of email constraints in crypto/x509	5.3	-	2026-03-06
CVE-2025-61727	Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509	9.8^AI	Critical^AI	2025-12-03
CVE-2025-61729	Excessive resource consumption when printing error string for host certificate validation in crypto/x509	7.5^AI	High^AI	2025-12-02
CVE-2025-58188	Panic when validating certificates with DSA public keys in crypto/x509	7.5^AI	High^AI	2025-10-29
CVE-2025-58187	Quadratic complexity when checking name constraints in crypto/x509	5.3^AI	Medium^AI	2025-10-29
CVE-2025-22874	Usage of ExtKeyUsageAny disables policy validation in crypto/x509	6.5^AI	Medium^AI	2025-06-11
CVE-2025-22865	ParsePKCS1PrivateKey panic with partial keys in crypto/x509	7.5	-	2025-01-28
CVE-2024-45341	Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509	5.3	-	2025-01-28
CVE-2024-24783	Verify panics on certificates with an unknown public key algorithm in crypto/x509	7.5^AI	High^AI	2024-03-05

All 13 known CVE vulnerabilities affecting crypto/x509 with full Chinese analysis, references, and POCs where available.