Invoking incorrect handling of character references in DOCTYPE nodes in...

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Basic Information

ID CVE-2026-25681

Source Go

Published May 22, 2026 at 15:01

Modified May 22, 2026 at 17:46

Affected Product

Vendor golang.org/x/net

Product golang.org/x/net/html

Affected Versions golang.org/x/net golang.org/x/net/html 0

References

{
    "lastseen": "",
    "description": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
    "published": "2026-05-22T15:01:21.975Z",
    "modified": "2026-05-22T17:46:20.366Z",
    "type": "cve",
    "title": "Invoking  incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html",
    "source": "Go",
    "references": "https://go.dev/issue/79574\nhttps://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\nhttps://go.dev/cl/781703\nhttps://pkg.go.dev/vuln/GO-2026-5029",
    "id": "CVE-2026-25681",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "golang.org/x/net golang.org/x/net/html 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "golang.org/x/net/html",
    "version": "0",
    "vendor": "golang.org/x/net",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html_CVE-2026-25681

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply