GO-2026-4509

Source
https://pkg.go.dev/vuln/GO-2026-4509
Import Source
https://vuln.go.dev/ID/GO-2026-4509.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2026-4509
Aliases
Published
2026-02-24T23:10:26Z
Modified
2026-02-24T23:33:07.459646Z
Summary
Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls
Details

Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls

Database specific
{
    "url": "https://pkg.go.dev/vuln/GO-2026-4509",
    "review_status": "REVIEWED"
}
References

Affected packages

Go / github.com/refraction-networking/utls

Package

Name
github.com/refraction-networking/utls
View open source insights on deps.dev
Purl
pkg:golang/github.com/refraction-networking/utls

Affected ranges

Type
SEMVER
Events
Introduced
1.6.0
Fixed
1.8.1

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "BoringGREASEECH",
                "Roller.Dial",
                "UConn.BuildHandshakeState",
                "UConn.BuildHandshakeStateWithoutSession",
                "UConn.Handshake",
                "UConn.HandshakeContext",
                "UConn.Read",
                "UConn.Write",
                "UQUICConn.HandleData",
                "UQUICConn.Start",
                "UTLSIdToSpec"
            ],
            "path": "github.com/refraction-networking/utls"
        }
    ]
}

Database specific

source
"https://vuln.go.dev/ID/GO-2026-4509.json"