What is the CVSS score of CVE-2026-42502?

CVE-2026-42502 has a CVSS 3.x base score of 6.1 (N/A). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-42502?

Yes, a patch is available for CVE-2026-42502. Update the affected software to the latest version immediately.

Golang Org X Net Html CVE-2026-42502

EUVD-2026-31448

2026-05-22 Go

GHSA-wrh2-89vg-4j9g

XSS Golang Org X Net Html

6.1

CVSS

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

CVE Published

May 22, 2026 - 15:01 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42502 vulnerability details – vuln.today

Back