CVE-2026-25680
MEDIUM6.5EPSS 0.06%Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
Published: 5/22/2026Modified: 6/3/2026
Also known as:DEBIAN-CVE-2026-25680
Description
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
Affected packages (2)
- Debian/golang-golang-x-netfrom 0
- Go/golang.org/x/netfrom 0, < 0.55.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |