Go html/template XSS Bypass Fix: Empty Script Type Treated as JavaScript (CVE-2026-39826)

go.dev 2026-05-08查看中文 →

Referenced CVEs: CVE-2026-39826

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from go.dev, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Go net/mail CVE-2026-42499 DoS Vulnerability Fix 2026-05-08 Go cmd/go Checksum Database Bypass Vulnerability (CVE-2026-42501) 2026-05-08 Go cmd/pack Directory Traversal Fix 2026-05-08 Go net/http/httputil ReverseProxy Bypasses urlmaxqueryparams Limit (CVE-2026-39823) 2026-05-08 Go html/template URL Escaping Bypass via Meta Tag Whitespace (CVE-2026-39823) 2026-05-08

Offline Archive

Offline screenshot & PDF are Pro-exclusive