Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-39836
PUBLISHED
More InfoOfficial Page
Assigner-Go
Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc
View Known Exploited Vulnerability (KEV) details
Published At-07 May, 2026 | 19:41
Updated At-08 May, 2026 | 21:30
Rejected At-
▼CVE Numbering Authority (CNA)
Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

Affected Products
Vendor
Go standard library
Product
net
Collection URL
https://pkg.go.dev
Package Name
net
Program Routines
  • Resolver.lookupPort
  • Resolver.lookupAddr
  • Resolver.lookupTXT
  • Resolver.lookupNS
  • Resolver.lookupMX
  • Resolver.lookupSRV
  • Dial
  • DialTimeout
  • Dialer.Dial
  • Dialer.DialContext
  • Listen
  • ListenConfig.Listen
  • ListenConfig.ListenPacket
  • ListenPacket
  • LookupAddr
  • LookupCNAME
  • LookupHost
  • LookupIP
  • LookupMX
  • LookupNS
  • LookupPort
  • LookupSRV
  • LookupTXT
  • ResolveIPAddr
  • ResolveTCPAddr
  • ResolveUDPAddr
  • Resolver.LookupAddr
  • Resolver.LookupCNAME
  • Resolver.LookupHost
  • Resolver.LookupIP
  • Resolver.LookupIPAddr
  • Resolver.LookupMX
  • Resolver.LookupNS
  • Resolver.LookupNetIP
  • Resolver.LookupPort
  • Resolver.LookupSRV
  • Resolver.LookupTXT
Default Status
unaffected
Versions
Affected
  • From 0 before 1.25.10 (semver)
  • From 1.26.0-0 before 1.26.3 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-248: Uncaught Exception
Type: N/A
CWE ID: N/A
Description: CWE-248: Uncaught Exception
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://go.dev/issue/79006
N/A
https://groups.google.com/g/golang-announce/c/qcCIEXso47M
N/A
https://go.dev/cl/775320
N/A
https://pkg.go.dev/vuln/GO-2026-4971
N/A
Hyperlink: https://go.dev/issue/79006
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/qcCIEXso47M
Resource: N/A
Hyperlink: https://go.dev/cl/775320
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2026-4971
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found