CVE-2026-25681

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N                                    

Vulnerability Description

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Vulnerability Details

Published Date

May 22, 2026

Last Modified

May 22, 2026

Source

NVD

External References

https://go.dev/cl/781703
https://go.dev/issue/79574
https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
https://pkg.go.dev/vuln/GO-2026-5029

CVE-2026-25681

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment