CVE-2026-26994

Name of the Vulnerable Software and Affected Versions utls versions prior to 1.7.0

Description The utls software did not implement the TLS 1.3 downgrade protection mechanism as specified in RFC 8446 Section 4.1.3 when a utls ClientHello specification was used. This allowed a network attacker to downgrade TLS 1.3 connections to lower versions, such as TLS 1.2, by modifying the ClientHello message to remove the SupportedVersions extension. The server would then respond with a TLS 1.2 ServerHello, including a downgrade canary in the ServerHello random field. Because utls did not validate this canary, clients accepted the downgraded connection without detection. This issue also allowed for fingerprinting of utls connections.

Recommendations Upgrade to version 1.7.0 or later.