CVE-2025-58190

Medium CVSS: 5.3

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Vendor

Product

Html

CWE

CWE-835

Yayın Tarihi

2026-02-05 18:16:10

Güncelleme

2026-02-18 17:46:35

Source Identifier

security@golang.org

KEV Date Added

Kategoriler

CWE-835 Html MEDIUM Go 2026

Referanslar

https://github.com/golang/vulndb/issues/4441 https://go.dev/cl/709875 https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c https://pkg.go.dev/vuln/GO-2026-4441

Benzer Kayıtlar

Medium

CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which…

Medium

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

High

CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the cl…

High

CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

High

CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which comp…