USN-8416-1 golang-golang-x-net-dev vulnerability

It was discovered that Go Networking incorrectly handled certain Punycode-encoded labels in the idna package. An attacker could possibly use this issue to bypass hostname-based access restrictions...

CVE-2026-39821

A flaw was found in the idna package, specifically within the golang.org/x/net/idna component. This vulnerability allows for privilege escalation due to incorrect processing of Punycode-encoded labels. An attacker could craft a malicious Punycode label that, when initially checked, appears safe b...

Linux Distros Unpatched Vulnerability : CVE-2026-39821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII- only label. For example, ToUnicodexn--example-.com...

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVE-2026-39821

CVE-2026-39821 affects golang.org/x/net/idna; ToASCII/ToUnicode incorrectly accept Punycode-encoded labels that decode to ASCII-only labels (e.g., xn--example-.com). The issue can enable privilege escalation in programs that validate ASCII hostnames but later convert to Unicode, potentially grant...

Important Photon OS Security Update - PHSA-2025-5.0-0462

Updates of 'python-idna', 'frr', 'python3-idna' packages of Photon OS have been released...

EulerOS 2.0 SP11 : python-idna (EulerOS-SA-2024-2091)

According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

Mageia: Security Advisory (MGASA-2024-0245)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0245 Updated python-idna packages fix security vulnerability

mingw-python-idna: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode...