Vulnerability in Refraction-networking Utls

CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to…

EPSS: 0.000 (1.1th percentile) — read the EPSS interpretation.

Affected products

Refraction-networking Utls — versions >= 1.6.0, < 1.8.1

Weakness classification (CWE)

CWE-1240

References

https://github.com/refraction-networking/utls/security/advisories/GHSA-7m29-f4hw-g2vx (x_refsource_CONFIRM)