CVE-2025-47911

Medium CVSS: 5.3

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Vendor

Product

Html

CWE

NVD-CWE-noinfo

Yayın Tarihi

2026-02-05 18:16:09

Güncelleme

2026-02-18 17:48:49

Source Identifier

security@golang.org

KEV Date Added

Kategoriler

NVD-CWE-noinfo Html MEDIUM Go 2026

Referanslar

https://github.com/golang/vulndb/issues/4440 https://go.dev/cl/709876 https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c https://pkg.go.dev/vuln/GO-2026-4440

Benzer Kayıtlar

Medium

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can…

Medium

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

High

CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the cl…

High

CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

High

CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which comp…