net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

RockyLinux 10 : yggdrasil (RLSA-2026:19126)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19126 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 ke...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

RockyLinux 9 : grafana (RLSA-2026:19185)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19185 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

RHEL 9 : buildah (RHSA-2026:16102)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16102 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

AlmaLinux 10 : osbuild-composer (ALSA-2026:13643)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:13643 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...

AlmaLinux 10 : image-builder (ALSA-2026:13642)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:13642 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

AlmaLinux 9 : image-builder (ALSA-2026:13671)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:13671 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...

ALSA-2026:13642 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:13508)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13508 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RockyLinux 10 : yggdrasil (RLSA-2026:11413)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11413 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

RLSA-2026:11412 Important: yggdrasil-worker-package-manager security update

yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that matc...

RLSA-2026:11413 Important: yggdrasil security update

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: net/url: Incorrect parsing of IPv6 host literals ...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

MiracleLinux 8 : osbuild-composer-101.4-5.el8_10.ML.1 (AXSA:2026-508:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-508:07 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the MiracleLinu...