Known Vulnerabilities for products from Golang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Golang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46598 json | For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-46597 json | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inp... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-46595 json | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-42508 json | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-42506 json | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to ex... | Not Provided | 2026-05-22 | 2026-05-29 |
| CVE-2026-42502 json | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to ex... | Not Provided | 2026-05-22 | 2026-05-29 |
| CVE-2026-42501 json | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database va... | Not Provided | 2026-05-07 | 2026-05-13 |
| CVE-2026-42499 json | Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. | Not Provided | 2026-05-07 | 2026-05-13 |
| CVE-2026-39835 json | SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-39834 json | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size ... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-39833 json | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-39832 json | When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in... | Not Provided | 2026-05-22 | 2026-05-28 |
| CVE-2026-39827 json | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth,... | Not Provided | 2026-05-22 | 2026-05-26 |
| CVE-2026-39826 json | If a trusted template author were to write a |