{"id":"GO-2026-4512","summary":"Fingerprint vulnerability in uTLS from missing padding extension for Chrome 120 in github.com/refraction-networking/utls","details":"Fingerprint vulnerability in uTLS from missing padding extension for Chrome 120 in github.com/refraction-networking/utls","aliases":["CVE-2026-26995","GHSA-rrxv-pmq9-x67r"],"modified":"2026-03-23T05:08:54.583072199Z","published":"2026-02-24T23:10:26Z","related":["CGA-q9xg-65rj-2vrf"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4512"},"references":[{"type":"ADVISORY","url":"https://github.com/refraction-networking/utls/security/advisories/GHSA-rrxv-pmq9-x67r"},{"type":"FIX","url":"https://github.com/refraction-networking/utls/commit/8fe0b08e9a0e7e2d08b268f451f2c79962e6acd0"}],"affected":[{"package":{"name":"github.com/refraction-networking/utls","ecosystem":"Go","purl":"pkg:golang/github.com/refraction-networking/utls"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.6.0"},{"fixed":"1.8.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["Roller.Dial","UConn.BuildHandshakeState","UConn.BuildHandshakeStateWithoutSession","UConn.Handshake","UConn.HandshakeContext","UConn.Read","UConn.Write","UQUICConn.HandleData","UQUICConn.Start","UTLSIdToSpec","utlsIdToSpec"],"path":"github.com/refraction-networking/utls"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4512.json"}}],"schema_version":"1.7.3"}