216.73.217.24

CVE-2026-39823

· Published 07/05/2026 20:16 · Modified 07/05/2026 20:38

Labels: CVE-2026-39823 2026-05-07CVE-2026-39823[email protected]

Essential information

Published
07/05/2026 20:16
Modified
07/05/2026 20:38
Author
Creator
CISA KEV
No
CWE

Description

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute, the escaper would fail to similarly escape it, leading to XSS.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
golang / go cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

References