Skip to main content

Html Template

1 CVEs product

Monthly

CVE-2026-39823 Go MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template library allows attackers to bypass URL escaping in meta tag content attributes by inserting ASCII whitespaces around the equals sign, enabling injection of malicious scripts into web applications. Affects Go 1.25.x before 1.25.10 and 1.26.x before 1.26.3. This is a regression from CVE-2026-27142 where the fix was incomplete, and exploitation requires user interaction (UI:R) but operates across security boundaries (S:C).

XSS Html Template Red Hat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template library allows attackers to bypass URL escaping in meta tag content attributes by inserting ASCII whitespaces around the equals sign, enabling injection of malicious scripts into web applications. Affects Go 1.25.x before 1.25.10 and 1.26.x before 1.26.3. This is a regression from CVE-2026-27142 where the fix was incomplete, and exploitation requires user interaction (UI:R) but operates across security boundaries (S:C).

XSS Html Template Red Hat
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy