PatchSiren

golang.org/x/net CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM golang.org/x/net CVE published 2026-05-22

CVE-2026-25680

A denial-of-service vulnerability exists in the Go `golang.org/x/net` HTML parsing package. Parsing attacker-controlled HTML can trigger excessive CPU consumption, leading to application unavailability. The issue is rated CVSS 3.1 6.5 (Medium) with an attack vector of network, low attack complexity, no privileges required, and user interaction required. The vulnerability stems from uncontrolled resource c [truncated]