What is the CVSS score of CVE-2026-42504?

CVE-2026-42504 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Go mime package are affected by CVE-2026-42504?

Go's MIME parsing library contains a denial-of-service vulnerability affecting any organization running Go-based services that process untrusted MIME headers, including email systems and web APIs.. A patch is available.

Go mime package CVE-2026-42504

EUVD-2026-34039 HIGH

Inefficient Algorithmic Complexity (CWE-407)

2026-06-02 Go

GHSA-h524-452v-82p9

Information Disclosure Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 03, 2026 - 16:23 vuln.today

CVSS changed

Jun 03, 2026 - 16:22 NVD

7.5 (HIGH)

CVE Published

Jun 02, 2026 - 22:01 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

AnalysisAI

Algorithmic complexity denial of service in the Go standard library's mime package allows remote unauthenticated attackers to consume excessive CPU by submitting MIME headers containing many invalid encoded-words. Affected Go releases include mime versions before 1.25.11 and 1.26.0-0 through versions prior to 1.26.4, with a patch available from upstream Go. …

RemediationAI

Within 24 hours: Identify all systems running Go with mime package versions <1.25.11 or 1.26.0 through <1.26.4, particularly those handling email or HTTP requests. Within 7 days: Upgrade affected systems to Go 1.25.11 or Go 1.26.4 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-5422 HIGH This Week

8.1 Jun 02

Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outsid

CVE-2026-8796 HIGH This Week

8.1 May 31

Heap out-of-bounds read in Sereal::Decoder for Perl before version 5.005 allows remote attackers to leak up to 31 bytes

CVE-2026-43958 HIGH This Week

7.8 Jun 01

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to

CVE-2026-50031 HIGH This Week

7.5 Jun 03

Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending ma

CVE-2026-48827 HIGH This Week

7.1 May 30

Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to re

Vendor StatusVendor

CVE-2026-42504 vulnerability details – vuln.today

Back

Go mime package CVE-2026-42504

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code