CVE-2026-25679

Name
CVE-2026-25679
Description
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@golang.org https://go.dev/cl/752180
security@golang.org https://go.dev/issue/77578
security@golang.org https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
security@golang.org https://pkg.go.dev/vuln/GO-2026-4601

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= None < 1.25.8
cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:* go == None == 1.26.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rclone edge-community 1.73.5-r0 Mike Crute <mike@crute.us> fixed
go edge-community 1.26.0-r1 Achill Gilgenast <achill@achill.org> fixed
go edge-community 1.26.0-r0 Achill Gilgenast <achill@achill.org> fixed
go edge-community 1.25.7-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.6-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.5-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.4-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.3-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.2-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.1-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.0-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.24.6-r1 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.24.6-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.5-r1 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.5-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.4-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.3-r1 None possibly vulnerable
go edge-community 1.24.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.1-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.4-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.4-r0 None possibly vulnerable
go edge-community 1.22.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.0-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.3-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.7-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.18.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.18.4-r0 None possibly vulnerable
go edge-community 1.18.1-r0 None possibly vulnerable
go edge-community 1.17.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.7-r0 None possibly vulnerable
go edge-community 1.17.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.2-r0 None possibly vulnerable
go edge-community 1.15.7-r0 None possibly vulnerable
go edge-community 1.15.5-r0 None possibly vulnerable
go edge-community 1.15.2-r0 None possibly vulnerable
go edge-community 1.15-r0 None possibly vulnerable
go edge-community 1.14.5-r0 None possibly vulnerable
go edge-community 1.13.7-r0 None possibly vulnerable
go edge-community 1.13.2-r0 None possibly vulnerable
go edge-community 1.13.1-r0 None possibly vulnerable
go edge-community 1.12.8-r0 None possibly vulnerable
go edge-community 1.11.5-r0 None possibly vulnerable
go edge-community 1.9.4-r0 None possibly vulnerable
go 3.23-community 1.25.8-r0 Achill Gilgenast <achill@achill.org> fixed
go 3.23-community 1.25.7-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go 3.23-community 1.25.6-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go 3.23-community 1.25.5-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable