CVE-2026-42499
HIGHDescription
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
Is your site exposed to CVE-2026-42499?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Affected Products
| Vendor | Product |
|---|---|
| golang | go |
| golang | go |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-42499? +
How severe is CVE-2026-42499? +
What products are affected by CVE-2026-42499? +
How do I check if I'm vulnerable to CVE-2026-42499? +
Related Vulnerabilities
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other …
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses …
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' …
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination …
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would …
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the …