Handshake messages may be processed at the incorrect encryption level in crypto/tls

GO-2026-4340 · BIT-golang-2025-61730 · CVE-2025-61730

Published Jan 28, 2026 · Modified May 15, 2026

Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

References

FIX https://go.dev/cl/724120
REPORT https://go.dev/issue/76443
WEB https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes