CVE-2026-42505

Published: July 10, 2026Last modified: July 13, 2026

Description

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Severity score breakdown

ParameterValue
Base score5.3
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgoFixed (1.25.12-r0)
25 LTSgoVulnerable (1.24.3-r0)
StreamgoFixed (1.26.5-r0)
Hardened Containers23 LTSgoVulnerable (1.19.7-r0)
25 LTSgoVulnerable (1.24.3-r0)
StreamgoVulnerable (1.20.5-r2)

References

ON THIS PAGE