PT-2026-23663 · Mstdlib+1 · Stdlib+1

Jakub Ciolek · Published 2026-03-06 · Updated 2026-05-18 · CVE-2026-27138

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AWS Lambda (affected versions not specified)

Description

A flaw exists where certificate verification can lead to a program crash. This occurs when a certificate within a chain lacks a DNS name while another certificate in the same chain has excluded name constraints. This issue impacts programs directly verifying X.509 certificate chains or those utilizing TLS. The issue affects 27 Lambda base images using stdlib.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

AZL-79610
AZL-79625
BDU:2026-04126
BIT-GOLANG-2026-27138
CLEANSTART-2026-AB43319
CLEANSTART-2026-AT12816
CLEANSTART-2026-BC17682
CLEANSTART-2026-BH97849
CLEANSTART-2026-FM44162
CLEANSTART-2026-GI67088
CLEANSTART-2026-GM63718
CLEANSTART-2026-GQ03231
CLEANSTART-2026-HA09227
CLEANSTART-2026-HJ72983
CLEANSTART-2026-JM96857
CLEANSTART-2026-KR58137
CLEANSTART-2026-LA67881
CLEANSTART-2026-MX70474
CLEANSTART-2026-ON62368
CLEANSTART-2026-PS51260
CLEANSTART-2026-QO29688
CLEANSTART-2026-RR25843
CLEANSTART-2026-SP88135
CLEANSTART-2026-SR26977
CLEANSTART-2026-TC31671
CLEANSTART-2026-TM31143
CLEANSTART-2026-UG20989
CLEANSTART-2026-UI21589
CLEANSTART-2026-UY60586
CVE-2026-27138
GO-2026-4600
OPENSUSE-SU-2026:10299-1
OPENSUSE-SU-2026:10509-1
OPENSUSE-SU-2026:20342-1
OPENSUSE-SU-2026:20537-1
RHSA-2026:7291
SUSE-SU-2026:0876-1
SUSE-SU-2026:0976-1
SUSE-SU-2026:0993-1
SUSE-SU-2026:1042-1
SUSE-SU-2026:21195-1

Affected Products

Aws-Lambda
Stdlib