CVE-2026-27136

Sažetak

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Reference

https://go.dev/cl/781685
https://go.dev/issue/79575
https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
https://pkg.go.dev/vuln/GO-2026-5030

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

29-05-2026 - 15:27

Objavljeno

22-05-2026 - 16:16