5 matches found
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
CVE-2026-39821 affects golang.org/x/net/idna; ToASCII/ToUnicode incorrectly accept Punycode-encoded labels that decode to ASCII-only labels (e.g., xn--example-.com). The issue can enable privilege escalation in programs that validate ASCII hostnames but later convert to Unicode, potentially grant...
PT-2026-42782
Name of the Vulnerable Software and Affected Versions idna affected versions not specified Description The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode"xn--example-.com" returns "example.com" instead of an...
HackerOne: LLM03: Training Data Poisoning via ASCII decoding
Vulnerability description not provided...