CVE-2026-27141

High CVSS: 7.5

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Vendor

Product

CWE

Yayın Tarihi

2026-02-26 20:31:38

Güncelleme

2026-02-27 20:21:37

Source Identifier

security@golang.org

KEV Date Added

CWE-476 HIGH 2026

https://go.dev/cl/746180 https://go.dev/issue/77652 https://nvd.nist.gov/vuln/detail/CVE-2026-27141 https://pkg.go.dev/vuln/GO-2026-4559