Vulnerability Report: GO-2026-5028
- CVE-2026-25680
- Affects: golang.org/x/net
- Published: May 22, 2026
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
Affected Packages
-
PathVersionsSymbols
-
before v0.55.0
Aliases
References
- https://go.dev/cl/781702
- https://go.dev/issue/79573
- https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
- https://vuln.go.dev/ID/GO-2026-5028.json
Credits
- IPC Labs
Feedback
See anything missing or incorrect?
Suggest an edit to this report.