7 matches found
SUSE-SU-2026:2079-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...
SUSE-SU-2026:1861-1 Security update for go1.26
This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...
BIT-GOLANG-2026-39826 Escaper bypass leads to XSS in html/template
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...
CVE-2026-39826 Escaper bypass leads to XSS in html/template
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...
CVE-2026-39826
CVE-2026-39826 corresponds to an escaper bypass in Go’s html/template that can allow data inside a [removed] block to be incorrectly escaped if a trusted template author uses a [removed] tag with an empty or whitespace-only type attribute. This is described across multiple feeds (NVD, EUVD, Debia...
CVE-2026-39826 Escaper bypass leads to XSS in html/template
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...
CVE-2026-39826 Escaper bypass leads to XSS in html/template
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...