-
Byte Open Security
(ByteOS Network)
Log In
Sign Up
CVE Vulnerability Details :
CVE-2026-27141
PUBLISHED
More Info
Official Page
Assigner
-
Go
Assigner Org ID
-
1bb62c36-49e3-4200-9d77-64a1400537cc
View Known Exploited Vulnerability (KEV) details
Published At
-
26 Feb, 2026 | 18:50
Updated At
-
27 Feb, 2026 | 19:11
Rejected At
-
▼
CVE Numbering Authority (CNA)
Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
Affected Products
Vendor
golang.org/x/net
Product
golang.org/x/net/http2
Collection URL
https://pkg.go.dev
Package Name
golang.org/x/net/http2
Program Routines
typeFrameParser
ClientConn.Close
ClientConn.Ping
ClientConn.RoundTrip
ClientConn.Shutdown
ConfigureServer
ConfigureTransport
ConfigureTransports
ConnectionError.Error
ErrCode.String
FrameHeader.String
FrameType.String
FrameWriteRequest.String
Framer.ReadFrame
Framer.ReadFrameForHeader
Framer.ReadFrameHeader
Framer.WriteContinuation
Framer.WriteData
Framer.WriteDataPadded
Framer.WriteGoAway
Framer.WriteHeaders
Framer.WritePing
Framer.WritePriority
Framer.WritePriorityUpdate
Framer.WritePushPromise
Framer.WriteRSTStream
Framer.WriteRawFrame
Framer.WriteSettings
Framer.WriteSettingsAck
Framer.WriteWindowUpdate
GoAwayError.Error
ReadFrameHeader
Server.ServeConn
Setting.String
SettingID.String
SettingsFrame.ForeachSetting
StreamError.Error
Transport.CloseIdleConnections
Transport.NewClientConn
Transport.RoundTrip
Transport.RoundTripOpt
bufferedWriter.Flush
bufferedWriter.Write
bufferedWriterTimeoutWriter.Write
chunkWriter.Write
clientConnPool.GetClientConn
connError.Error
dataBuffer.Read
duplicatePseudoHeaderError.Error
gzipReader.Close
gzipReader.Read
headerFieldNameError.Error
headerFieldValueError.Error
netHTTPClientConn.Close
netHTTPClientConn.RoundTrip
noDialClientConnPool.GetClientConn
noDialH2RoundTripper.NewClientConn
noDialH2RoundTripper.RoundTrip
pipe.Read
priorityWriteSchedulerRFC7540.CloseStream
priorityWriteSchedulerRFC7540.OpenStream
priorityWriteSchedulerRFC9218.OpenStream
pseudoHeaderError.Error
requestBody.Close
requestBody.Read
responseWriter.Flush
responseWriter.FlushError
responseWriter.Push
responseWriter.SetReadDeadline
responseWriter.SetWriteDeadline
responseWriter.Write
responseWriter.WriteHeader
responseWriter.WriteString
roundRobinWriteScheduler.OpenStream
serverConn.CloseConn
serverConn.Flush
stickyErrWriter.Write
transportResponseBody.Close
transportResponseBody.Read
unencryptedTransport.RoundTrip
writeData.String
Default Status
unaffected
Versions
Affected
From
0.50.0
before
0.51.0
(semver)
Problem Types
Type
CWE ID
Description
N/A
N/A
CWE-476: NULL Pointer Dereference
Type:
N/A
CWE ID:
N/A
Description:
CWE-476: NULL Pointer Dereference
Metrics
Version
Base score
Base severity
Vector
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
https://nvd.nist.gov/vuln/detail/CVE-2026-27141
N/A
https://go.dev/cl/746180
N/A
https://go.dev/issue/77652
N/A
https://pkg.go.dev/vuln/GO-2026-4559
N/A
Hyperlink:
https://nvd.nist.gov/vuln/detail/CVE-2026-27141
Resource:
N/A
Hyperlink:
https://go.dev/cl/746180
Resource:
N/A
Hyperlink:
https://go.dev/issue/77652
Resource:
N/A
Hyperlink:
https://pkg.go.dev/vuln/GO-2026-4559
Resource:
N/A
▼
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
Type
CWE ID
Description
CWE
CWE-476
CWE-476 NULL Pointer Dereference
Type:
CWE
CWE ID:
CWE-476
Description:
CWE-476 NULL Pointer Dereference
Metrics
Version
Base score
Base severity
Vector
3.1
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version:
3.1
Base score:
7.5
Base severity:
HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
Details not found