GO-2026-5052

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2026-5052

Import Source

https://vuln.go.dev/ID/GO-2026-5052.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2026-5052

Aliases

GHSA-mpwr-8vm7-h73f

Related

CGA-x3hw-m2cv-vww4

Published

2026-06-22T21:24:28Z

Modified

2026-06-26T13:44:19.242514716Z

Summary

Vulnerability in software.sslmate.com/src/go-pkcs12

Details

Users who decode PKCS#12 files from untrusted sources and rely on the password for authentication can be tricked into accepting malicious PKCS#12 files.

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2026-5052"
}

References

Affected packages

Go / software.sslmate.com/src/go-pkcs12

Package

Name: software.sslmate.com/src/go-pkcs12; View open source insights on deps.dev
Purl: pkg:golang/software.sslmate.com/src/go-pkcs12

Affected ranges

Type: SEMVER
Events: Introduced

0.6.0

Fixed

0.7.2

Ecosystem specific

{
    "imports": [
        {
            "path": "software.sslmate.com/src/go-pkcs12",
            "symbols": [
                "Decode",
                "DecodeChain",
                "DecodeTrustStore",
                "ToPEM"
            ]
        }
    ]
}

Database specific

source

"https://vuln.go.dev/ID/GO-2026-5052.json"