certfr_avis - certfr-2026-avi-0674

CERTFR-2026-AVI-0674

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure Linux	azl3 kube-vip-cloud-provider 0.0.10-5 versions antérieures à 0.0.10-6
Microsoft	Azure Linux	azl3 prometheus-adapter 0.12.0-5 versions antérieures à 0.12.0-6
Microsoft	Azure Linux	azl3 packer 1.9.5-13 versions antérieures à 1.9.5-14
Microsoft	Azure Linux	azl3 cri-tools 1.32.0-4 versions antérieures à 1.32.0-6
Microsoft	Azure Linux	azl3 cert-manager 1.12.15-6 versions antérieures à 1.12.15-8
Microsoft	Azure Linux	azl3 containerized-data-importer 1.62.0-3 versions antérieures à 1.62.0-5
Microsoft	Azure Linux	azl3 sriov-network-device-plugin 3.7.0-5 versions antérieures à 3.7.0-6
Microsoft	Azure Linux	azl3 libyang 2.1.148-1 versions antérieures à 2.1.148-3
Microsoft	Azure Linux	azl3 influxdb 2.7.5-15 versions antérieures à 2.7.5-17
Microsoft	Azure Linux	azl3 application-gateway-kubernetes-ingress 1.7.7-3 versions antérieures à 1.7.7-4
Microsoft	Azure Linux	azl3 kubevirt 1.7.1-2 versions antérieures à 1.7.1-5
Microsoft	Azure Linux	azl3 rabbitmq-server 3.13.7-3 versions antérieures à 3.13.7-4

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-25680	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-39835	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-25681	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-42502	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-46598	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-39827	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-39828	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-41401	2026-05-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-8466	2026-05-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 kube-vip-cloud-provider 0.0.10-5 versions ant\u00e9rieures \u00e0 0.0.10-6",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 prometheus-adapter 0.12.0-5 versions ant\u00e9rieures \u00e0 0.12.0-6",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 packer 1.9.5-13 versions ant\u00e9rieures \u00e0 1.9.5-14",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 cri-tools 1.32.0-4 versions ant\u00e9rieures \u00e0 1.32.0-6",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 cert-manager 1.12.15-6 versions ant\u00e9rieures \u00e0 1.12.15-8",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 containerized-data-importer 1.62.0-3 versions ant\u00e9rieures \u00e0 1.62.0-5",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 sriov-network-device-plugin 3.7.0-5 versions ant\u00e9rieures \u00e0 3.7.0-6",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libyang 2.1.148-1 versions ant\u00e9rieures \u00e0 2.1.148-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 influxdb 2.7.5-15 versions ant\u00e9rieures \u00e0 2.7.5-17",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 application-gateway-kubernetes-ingress 1.7.7-3 versions ant\u00e9rieures \u00e0 1.7.7-4",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kubevirt 1.7.1-2 versions ant\u00e9rieures \u00e0 1.7.1-5",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 rabbitmq-server 3.13.7-3 versions ant\u00e9rieures \u00e0 3.13.7-4",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-39828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
    },
    {
      "name": "CVE-2026-25680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
    },
    {
      "name": "CVE-2026-39835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
    },
    {
      "name": "CVE-2026-42502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
    },
    {
      "name": "CVE-2026-25681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
    },
    {
      "name": "CVE-2026-41401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41401"
    },
    {
      "name": "CVE-2026-46598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-46598"
    },
    {
      "name": "CVE-2026-39827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39827"
    },
    {
      "name": "CVE-2026-8466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-8466"
    }
  ],
  "initial_release_date": "2026-06-01T00:00:00",
  "last_revision_date": "2026-06-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0674",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-25680",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25680"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39835",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39835"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-25681",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25681"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42502"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46598",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46598"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39827",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39827"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39828",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39828"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41401",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41401"
    },
    {
      "published_at": "2026-05-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-8466",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8466"
    }
  ]
}

CVE-2026-8466 (GCVE-0-2026-8466)

Vulnerability from cvelistv5

Published

2026-05-13 18:26

Modified

2026-05-14 04:30

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) > Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section — for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \r\n\r\n — and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory. This issue affects cowboy from 2.0.0 before 2.15.0.

References

URL

Tags

	https://cna.erlef.org/cves/CVE-2026-8466.html	related, third-party-advisory
	https://osv.dev/vulnerability/EEF-CVE-2026-8466	related
	https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb	patch

Impacted products

Vendor

Product

Version

ninenines

cowboy

Version: 2.0.0 ≤
cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*

ninenines

cowboy

Version: 917cf99e10c41676183d501b86af6e47c95afb89
cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T18:46:37.406887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T18:52:29.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.hex.pm",
          "cpes": [
            "cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "cowboy_req"
          ],
          "packageName": "cowboy",
          "packageURL": "pkg:hex/cowboy",
          "product": "cowboy",
          "programFiles": [
            "src/cowboy_req.erl"
          ],
          "programRoutines": [
            {
              "name": "cowboy_req:read_part/1"
            },
            {
              "name": "cowboy_req:read_part/2"
            },
            {
              "name": "cowboy_req:read_part/3"
            }
          ],
          "repo": "https://github.com/ninenines/cowboy",
          "vendor": "ninenines",
          "versions": [
            {
              "lessThan": "2.15.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "cowboy_req"
          ],
          "packageName": "ninenines/cowboy",
          "packageURL": "pkg:github/ninenines/cowboy",
          "product": "cowboy",
          "programFiles": [
            "src/cowboy_req.erl"
          ],
          "programRoutines": [
            {
              "name": "cowboy_req:read_part/1"
            },
            {
              "name": "cowboy_req:read_part/2"
            },
            {
              "name": "cowboy_req:read_part/3"
            }
          ],
          "repo": "https://github.com/ninenines/cowboy",
          "vendor": "ninenines",
          "versions": [
            {
              "lessThan": "5c6a2061b41bb5771c4659fac7d5a822dca5bafb",
              "status": "affected",
              "version": "917cf99e10c41676183d501b86af6e47c95afb89",
              "versionType": "git"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe application must expose an HTTP endpoint that calls \u003ctt\u003ecowboy_req:read_part/1,2\u003c/tt\u003e to process \u003ctt\u003emultipart/form-data\u003c/tt\u003e request bodies. Deployments that do not handle multipart uploads are not affected.\u003c/p\u003e"
            }
          ],
          "value": "The application must expose an HTTP endpoint that calls cowboy_req:read_part/1,2 to process multipart/form-data request bodies. Deployments that do not handle multipart uploads are not affected."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ninenines:cowboy:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.15.0",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Peter Ullrich"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lo\u00efc Hoguin"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\u003c/p\u003e\u003cp\u003e\u003ctt\u003ecowboy_req:read_part/3\u003c/tt\u003e in \u003ctt\u003esrc/cowboy_req.erl\u003c/tt\u003e accumulates incoming request bytes into a \u003ctt\u003eBuffer\u003c/tt\u003e binary with no upper-bound check. When \u003ctt\u003ecow_multipart:parse_headers/2\u003c/tt\u003e returns \u003ctt\u003emore\u003c/tt\u003e or \u003ctt\u003e{more, Buffer2}\u003c/tt\u003e, the function reads up to \u003ctt\u003eLength\u003c/tt\u003e bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the \u003ctt\u003ebyte_size(Acc) \u0026gt; Length\u003c/tt\u003e guard present in the sibling function \u003ctt\u003eread_part_body/4\u003c/tt\u003e. An unauthenticated attacker can send a \u003ctt\u003emultipart/form-data\u003c/tt\u003e request whose body never yields a complete header section \u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \u003ctt\u003e\\r\\n\\r\\n\u003c/tt\u003e \u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\u003c/p\u003e\u003cp\u003eThis issue affects cowboy from 2.0.0 before 2.15.0.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\n\ncowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound check. When cow_multipart:parse_headers/2 returns more or {more, Buffer2}, the function reads up to Length bytes (default 64 KB) from the request body and recurses with the enlarged buffer. There is no equivalent of the byte_size(Acc) \u003e Length guard present in the sibling function read_part_body/4. An unauthenticated attacker can send a multipart/form-data request whose body never yields a complete header section \u2014 for example, a body that never contains the advertised boundary delimiter, or one whose header lines never contain \\r\\n\\r\\n \u2014 and force the server process to accumulate memory linearly with the bytes the protocol layer is willing to deliver. A handful of concurrent such uploads is sufficient to exhaust BEAM memory.\n\nThis issue affects cowboy from 2.0.0 before 2.15.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T04:30:32.552Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "related",
            "third-party-advisory"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-8466.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-8466"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-8466",
    "datePublished": "2026-05-13T18:26:21.089Z",
    "dateReserved": "2026-05-13T11:44:39.149Z",
    "dateUpdated": "2026-05-14T04:30:32.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42502 (GCVE-0-2026-42502)

Vulnerability from cvelistv5

Published

2026-05-22 15:01

Modified

2026-05-22 17:17

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

References

URL

Tags

	https://go.dev/issue/79572
	https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
	https://go.dev/cl/781701
	https://pkg.go.dev/vuln/GO-2026-5027

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-42502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:16:33.414557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:17:20.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tristan Madani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:21.649Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79572"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://go.dev/cl/781701"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5027"
        }
      ],
      "title": "Invoking  incorrect handling of HTML elements in foreign content in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-42502",
    "datePublished": "2026-05-22T15:01:21.649Z",
    "dateReserved": "2026-04-28T00:21:12.791Z",
    "dateUpdated": "2026-05-22T17:17:20.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41401 (GCVE-0-2026-41401)

Vulnerability from cvelistv5

Published

2026-05-26 14:08

Modified

2026-05-26 17:58

Severity ?

7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-416 - Use After Free

Summary

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.

References

URL

Tags

	https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc	vendor-advisory
	https://github.com/CESNET/libyang/commit/6b5ed47ee674fbe86b31bbebc4ff26889aeff38c	patch
	https://red.anthropic.com/2026/cvd/findings/ANT-2026-TZQ1KH7E	third-party-advisory
	https://www.vulncheck.com/advisories/libyang-heap-use-after-free-write-in-xml-metadata-parsing	third-party-advisory

Impacted products

	Vendor	Product	Version
	libyang	libyang	Version: 0 < 5.4.3 Patch: 5.4.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41401",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T17:57:20.352377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T17:58:08.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://red.anthropic.com/2026/cvd/findings/ANT-2026-TZQ1KH7E"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libyang",
          "vendor": "libyang",
          "versions": [
            {
              "lessThan": "5.4.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "5.4.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cesnet:libyang:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "kevin-valerio"
        }
      ],
      "datePublic": "2026-03-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T14:14:49.472Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GHSA Advisory GHSA-9f49-8x56-jmjc",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc"
        },
        {
          "name": "https://github.com/CESNET/libyang/commit/6b5ed47ee674fbe86b31bbebc4ff26889aeff38c",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CESNET/libyang/commit/6b5ed47ee674fbe86b31bbebc4ff26889aeff38c"
        },
        {
          "name": "Anthropic CVD Finding ANT-2026-TZQ1KH7E",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://red.anthropic.com/2026/cvd/findings/ANT-2026-TZQ1KH7E"
        },
        {
          "name": "VulnCheck Advisory: libyang - Heap Use-After-Free Write in XML Metadata Parsing",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/libyang-heap-use-after-free-write-in-xml-metadata-parsing"
        }
      ],
      "title": "libyang - Heap Use-After-Free Write in XML Metadata Parsing",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-41401",
    "datePublished": "2026-05-26T14:08:48.973Z",
    "dateReserved": "2026-04-20T14:15:22.223Z",
    "dateUpdated": "2026-05-26T17:58:08.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39828 (GCVE-0-2026-39828)

Vulnerability from cvelistv5

Published

2026-05-22 02:31

Modified

2026-05-22 17:44

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-863: Incorrect Authorization

Summary

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

References

URL

Tags

	https://go.dev/issue/79562
	https://groups.google.com/g/golang-announce/c/a082jnz-LvI
	https://go.dev/cl/781621
	https://pkg.go.dev/vuln/GO-2026-5014

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-39828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:43:55.428395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:44:19.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "connection.serverAuthenticate"
            },
            {
              "name": "NewServerConn"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.52.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "NCC Group Cryptography Services, sponsored by Teleport"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T02:31:26.883Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79562"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
        },
        {
          "url": "https://go.dev/cl/781621"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5014"
        }
      ],
      "title": "Invoking  bypass of certificate restrictions in golang.org/x/crypto/ssh"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-39828",
    "datePublished": "2026-05-22T02:31:26.883Z",
    "dateReserved": "2026-04-07T18:13:03.528Z",
    "dateUpdated": "2026-05-22T17:44:19.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46598 (GCVE-0-2026-46598)

Vulnerability from cvelistv5

Published

2026-05-22 02:31

Modified

2026-05-22 18:14

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-129: Improper Validation of Array Index

Summary

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

References

URL

Tags

	https://go.dev/issue/79596
	https://go.dev/cl/781360
	https://groups.google.com/g/golang-announce/c/a082jnz-LvI
	https://pkg.go.dev/vuln/GO-2026-5033

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh/agent	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-46598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T18:12:30.585638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-129",
                "description": "CWE-129 Improper Validation of Array Index",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T18:14:37.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh/agent",
          "product": "golang.org/x/crypto/ssh/agent",
          "programRoutines": [
            {
              "name": "parseEd25519Cert"
            },
            {
              "name": "parseEd25519Key"
            },
            {
              "name": "ForwardToAgent"
            },
            {
              "name": "ServeAgent"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.52.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "NCC Group Cryptography Services, sponsored by Teleport"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-129: Improper Validation of Array Index",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T02:31:27.986Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79596"
        },
        {
          "url": "https://go.dev/cl/781360"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5033"
        }
      ],
      "title": "Invoking  pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-46598",
    "datePublished": "2026-05-22T02:31:27.986Z",
    "dateReserved": "2026-05-15T17:35:00.813Z",
    "dateUpdated": "2026-05-22T18:14:37.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39827 (GCVE-0-2026-39827)

Vulnerability from cvelistv5

Published

2026-05-22 02:31

Modified

2026-05-22 18:35

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

Summary

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.

References

URL

Tags

	https://go.dev/issue/35127
	https://go.dev/cl/781320
	https://groups.google.com/g/golang-announce/c/a082jnz-LvI
	https://pkg.go.dev/vuln/GO-2026-5016

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-39827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T18:35:34.770589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T18:35:40.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "channel.Reject"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.52.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziyan Zhou"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-401: Missing Release of Memory after Effective Lifetime",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T02:31:27.064Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/35127"
        },
        {
          "url": "https://go.dev/cl/781320"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5016"
        }
      ],
      "title": "Invoking  memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-39827",
    "datePublished": "2026-05-22T02:31:27.064Z",
    "dateReserved": "2026-04-07T18:13:03.528Z",
    "dateUpdated": "2026-05-22T18:35:40.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39835 (GCVE-0-2026-39835)

Vulnerability from cvelistv5

Published

2026-05-22 02:31

Modified

2026-05-22 17:45

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-476: NULL Pointer Dereference

Summary

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

References

URL

Tags

	https://go.dev/issue/79563
	https://groups.google.com/g/golang-announce/c/a082jnz-LvI
	https://go.dev/cl/781660
	https://pkg.go.dev/vuln/GO-2026-5015

Impacted products

	Vendor	Product	Version
	golang.org/x/crypto	golang.org/x/crypto/ssh	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-39835",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:44:50.320380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:45:10.853Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "CertChecker.CheckHostKey"
            },
            {
              "name": "CertChecker.Authenticate"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.52.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "NCC Group Cryptography Services, sponsored by Teleport"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T02:31:26.982Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79563"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
        },
        {
          "url": "https://go.dev/cl/781660"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5015"
        }
      ],
      "title": "Invoking  server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-39835",
    "datePublished": "2026-05-22T02:31:26.982Z",
    "dateReserved": "2026-04-07T18:13:03.529Z",
    "dateUpdated": "2026-05-22T17:45:10.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25680 (GCVE-0-2026-25680)

Vulnerability from cvelistv5

Published

2026-05-22 15:01

Modified

2026-05-22 17:00

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-407: Inefficient Algorithmic Complexity

Summary

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

References

URL

Tags

	https://go.dev/cl/781702
	https://go.dev/issue/79573
	https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
	https://pkg.go.dev/vuln/GO-2026-5028

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-25680",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:00:30.926552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:00:35.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "IPC Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:21.805Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/781702"
        },
        {
          "url": "https://go.dev/issue/79573"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5028"
        }
      ],
      "title": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-25680",
    "datePublished": "2026-05-22T15:01:21.805Z",
    "dateReserved": "2026-02-05T01:35:43.737Z",
    "dateUpdated": "2026-05-22T17:00:35.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25681 (GCVE-0-2026-25681)

Vulnerability from cvelistv5

Published

2026-05-22 15:01

Modified

2026-05-22 17:46

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

References

URL

Tags

	https://go.dev/issue/79574
	https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
	https://go.dev/cl/781703
	https://pkg.go.dev/vuln/GO-2026-5029

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-25681",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:46:00.775026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:46:20.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ensy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:21.975Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79574"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://go.dev/cl/781703"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5029"
        }
      ],
      "title": "Invoking  incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-25681",
    "datePublished": "2026-05-22T15:01:21.975Z",
    "dateReserved": "2026-02-05T01:35:43.738Z",
    "dateUpdated": "2026-05-22T17:46:20.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2026-AVI-0674

Vulnerability from certfr_avis

Solutions

CVE-2026-8466 (GCVE-0-2026-8466)

Vulnerability from cvelistv5

CVE-2026-42502 (GCVE-0-2026-42502)

Vulnerability from cvelistv5

CVE-2026-41401 (GCVE-0-2026-41401)

Vulnerability from cvelistv5

CVE-2026-39828 (GCVE-0-2026-39828)

Vulnerability from cvelistv5

CVE-2026-46598 (GCVE-0-2026-46598)

Vulnerability from cvelistv5

CVE-2026-39827 (GCVE-0-2026-39827)

Vulnerability from cvelistv5

CVE-2026-39835 (GCVE-0-2026-39835)

Vulnerability from cvelistv5

CVE-2026-25680 (GCVE-0-2026-25680)

Vulnerability from cvelistv5

CVE-2026-25681 (GCVE-0-2026-25681)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature