Golang html Package Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the html package of golang.org/x/net, in versions prior to 0.45.0. The issue arises in the Parse function, which can enter an infinite loop when processing certain specially crafted HTML inputs. As a result, parsing can run much more slowly than expected or never complete, effectively leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes an infinite loop during HTML parsing, leading to a denial-of-service condition where the application becomes unresponsive or significantly delayed in processing.

Remediation

Users can update to golang.org/x/net version 0.45.0 or later, where this vulnerability has been fixed.
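
To check a project against the remediation above, the following added example (not part of the original advisory or of the Go project) scans go.mod text for the golang.org/x/net requirement and reports whether it predates 0.45.0. The function names and the sample go.mod are constructed for illustration, and replace directives are skipped rather than resolved.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

var fixed = [3]int{0, 45, 0} // first fixed golang.org/x/net release per the advisory

// olderThanFixed reports whether v (e.g. "v0.44.0") sorts before the fixed release.
func olderThanFixed(v string) (older, ok bool) {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return false, false
	}
	older = pre // same core version: a pre-release or pseudo-version sorts earlier
	for i := 2; i >= 0; i-- { // most significant differing field is applied last
		n, err := strconv.Atoi(parts[i])
		if err != nil {
			return false, false
		}
		if n != fixed[i] {
			older = n < fixed[i]
		}
	}
	return older, true
}

// CheckGoMod returns the required x/net version and whether it predates the fix.
func CheckGoMod(goMod string) (version string, vulnerable, found bool) {
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != "golang.org/x/net" {
			continue // also skips replace lines, which have more fields
		}
		if older, ok := olderThanFixed(f[1]); ok {
			return f[1], older, true
		}
	}
	return "", false, false
}

func main() {
	// Constructed go.mod content for illustration.
	fmt.Println(CheckGoMod("module example.com/app\n\nrequire golang.org/x/net v0.44.0 // indirect\n"))
}
```

A go.mod entry shows the version the module requires; running `go list -m golang.org/x/net` inside the module reports the version the build actually selects.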

Added: Feb 5, 2026, 7:39 PM
Updated: Feb 5, 2026, 9:05 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 0.0
relevance: 2.5
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.