GO-2026-4559 — Vulnetix

GO-2026-4559 PUBLISHED

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Affected Products

Vendor	Product	Versions
golang.org	x/net	0.50.0, 0.50.0

Timeline

Feb 26, 2026 CVE Published
May 1, 2026 Security Advisory
May 15, 2026 CVE Updated

References

https://nvd.nist.gov/vuln/detail/CVE-2026-27141 advisory
https://go.dev/cl/746180 patch
https://go.dev/issue/77652 report

Open in Interactive Console →

$ Console Community · 100/wk Open console ›