Golang Net
6 CVEs affecting Golang Net. Latest disclosed: 2026-05-22. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-39821 | Critical | 9.6 | 2026-05-22 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") i… |
CVE-2026-25680 | Medium | 6.5 | 2026-05-22 | Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. |
CVE-2026-42506 | Medium | 6.1 | 2026-05-22 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications… |
CVE-2026-42502 | Medium | 6.1 | 2026-05-22 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications… |
CVE-2026-27136 | Medium | 6.1 | 2026-05-22 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications… |
CVE-2026-25681 | Medium | 6.1 | 2026-05-22 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications… |