VDB

RHSA-2026%3A19022

RHSA-2026%3A19022 PUBLISHED CVSS 7.5 HIGH

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatgolang-0:1.26.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-bin-0:1.26.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-race-0:1.26.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-0:1.26.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-race-0:1.26.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-tests-0:1.26.2-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-0:1.26.2-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgo-toolset-0:1.26.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-misc-0:1.26.2-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgo-toolset-0:1.26.2-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-bin-0:1.26.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgo-toolset-0:1.26.2-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgo-toolset-0:1.26.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-race-0:1.26.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-bin-0:1.26.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-race-0:1.26.2-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-bin-0:1.26.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-src-0:1.26.2-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-0:1.26.2-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10
Red Hatgolang-docs-0:1.26.2-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)1.26.2-2.el10

…and 1 more

Timeline

  • May 19, 2026 CVE Published
  • May 19, 2026 CVE Updated
  • May 19, 2026 Distribution Patch
  • May 19, 2026 Distribution Patch
  • May 19, 2026 Security Advisory
  • May 19, 2026 Security Advisory
  • May 19, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›