Browse all 8 CVE security advisories affecting golang.org/x/net. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The golang.org/x/net package provides essential networking libraries for Go applications, handling protocols like HTTP, DNS, and WebSocket implementations. Historically, vulnerabilities have commonly included remote code execution (RCE) through crafted inputs, cross-site scripting (XSS) in web components, and denial-of-service vulnerabilities via resource exhaustion. Notable security characteristics include its widespread use in critical infrastructure, which amplifies potential impact. While no major public incidents have been widely documented, the 8 recorded CVEs highlight ongoing security challenges in protocol implementations and input validation, particularly in web-related components that process untrusted data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33814 | Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net — golang.org/x/net/http2 | 7.5AI | HighAI | 2026-05-07 |
| CVE-2026-27141 | Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net — golang.org/x/net/http2 | 7.5AI | HighAI | 2026-02-26 |
This page lists every published CVE security advisory associated with golang.org/x/net. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.