Skip to main content

Net Mail

2 CVEs product

Monthly

CVE-2026-39820 Go HIGH POC PATCH This Week

Denial of service in Go standard library net/mail package allows remote unauthenticated attackers to exhaust CPU and memory resources via maliciously crafted email addresses or dates. The vulnerability affects ParseAddress, ParseAddressList, and ParseDate functions in Go versions prior to 1.25.10 and 1.26.0-1.26.2. Confirmed actively exploited (CISA KEV status not indicated; exploitation probability 0.02% per EPSS). Vendor-released patches available in Go 1.25.10 and 1.26.3.

Denial Of Service Net Mail
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42499 Go HIGH POC PATCH This Week

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Information Disclosure Net Mail
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in Go standard library net/mail package allows remote unauthenticated attackers to exhaust CPU and memory resources via maliciously crafted email addresses or dates. The vulnerability affects ParseAddress, ParseAddressList, and ParseDate functions in Go versions prior to 1.25.10 and 1.26.0-1.26.2. Confirmed actively exploited (CISA KEV status not indicated; exploitation probability 0.02% per EPSS). Vendor-released patches available in Go 1.25.10 and 1.26.3.

Denial Of Service Net Mail
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Information Disclosure Net Mail
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy