CVE-2026-39825
MEDIUMDescription
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.
Is your site exposed to CVE-2026-39825?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Affected Products
| Vendor | Product |
|---|---|
| golang | go |
| golang | go |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-39825? +
How severe is CVE-2026-39825? +
What products are affected by CVE-2026-39825? +
How do I check if I'm vulnerable to CVE-2026-39825? +
Related Vulnerabilities
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other …
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses …
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' …
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination …
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would …
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the …