GO-2026-4348 Client DoS via malformed server response in github.com/theupdateframework/go-tuf

Client DoS via malformed server response in github.com/theupdateframework/go-tuf...

EUVD-2026-3673

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...