Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Passive network observation requires no privileges or user interaction; confidentiality impact is limited to PSK identity exposure (partial), with no integrity or availability consequence.
Primary rating from Vendor (Go).
CVSS VectorVendor: Go
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.
AnalysisAI
Passive network de-anonymization of Encrypted Client Hello (ECH) connections is possible in Go's crypto/tls library because pre-shared key (PSK) identities are exposed in cleartext outer ClientHello messages, allowing any on-path observer to correlate resumption sessions and identify servers despite ECH's intended privacy protections. Affected versions span crypto/tls prior to 1.25.12, 1.26.5, and 1.27.0-rc.2 across the Go standard library. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concurrent application-level conditions: (1) the Go application must explicitly enable Encrypted Client Hello (ECH) in its crypto/tls configuration - ECH is not enabled by default and requires deliberate opt-in; and (2) TLS session resumption via Pre-Shared Keys must be occurring, which requires a prior completed TLS session between the same client and server. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) accurately characterizes a network-accessible, low-complexity passive information disclosure with no integrity or availability component. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A network-level adversary - such as a transit ISP, compromised network appliance, or on-path monitoring infrastructure - passively captures TLS ClientHello packets from a Go application that has ECH enabled with session resumption active. By reading PSK identity values present in the unencrypted outer ClientHello, the observer correlates resumption handshakes to prior sessions or to specific server identities, effectively identifying which server the client is connecting to despite ECH's privacy protections. … |
| Remediation | The primary fix is to upgrade the Go toolchain to a patched release - Go 1.25.12, Go 1.26.5, or Go 1.27.0-rc.2 or later, depending on the release branch in use. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Crypto Tls
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42317
GHSA-ff52-ph69-cf7x