Skip to main content

Golang CVE-2025-47911

MEDIUM
2026-02-05 security@golang.org GHSA-w4gw-w5jq-g9jh
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch released
Feb 18, 2026 - 17:48 nvd
Patch available
CVE Published
Feb 05, 2026 - 18:16 nvd
MEDIUM 5.3

DescriptionCVE.org

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

AnalysisAI

Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted HTML content (CVSS 5.3).

Technical ContextAI

affects Html. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More in Golang

View all
CVE-2026-24897 CRITICAL POC
10.0 Jan 28

Erugo file-sharing platform up to version 0.2.14 has a CVSS 10.0 path traversal allowing authenticated users to read any

CVE-2022-50926 CRITICAL POC
9.8 Jan 13

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie

CVE-2026-28408 CRITICAL POC
9.8 Feb 27

Authentication bypass in WeGIA charitable institution management system before 3.6.5. The adicionar_tipo_docs_atendido.p

CVE-2026-24895 CRITICAL POC
9.8 Feb 12

CGI path splitting vulnerability in FrankenPHP before 1.11.2 — Unicode characters bypass path validation during CGI proc

CVE-2025-66719 CRITICAL POC
9.1 Jan 23

Free5gc NRF 1.4.0 has an authorization bypass in access token generation that allows authenticated users to request toke

CVE-2022-50909 HIGH POC
8.8 Jan 13

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows

CVE-2026-3769 HIGH POC
8.8 Mar 08

Stack-based buffer overflow in Tenda F453 firmware 1.0.0.3 allows remote attackers with valid credentials to achieve una

CVE-2026-3768 HIGH POC
8.8 Mar 08

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows authenticated remote attackers to achieve comp

CVE-2025-66292 HIGH POC
8.1 Jan 15

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vu

CVE-2019-25344 HIGH POC
7.8 Feb 12

Mobilego versions up to 8.5.0 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

CVE-2019-25308 HIGH POC
7.8 Feb 11

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration.

CVE-2026-26514 HIGH POC
7.5 Mar 04

Remote attackers can inject arbitrary command-line arguments into bird-lg-go's traceroute module through unsanitized use

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.1 Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.119 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.86 Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.106 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.120 Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.1 Affected

Share

CVE-2025-47911 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy