GO-2026-4559
- Source
- https://pkg.go.dev/vuln/GO-2026-4559
- Import Source
- https://vuln.go.dev/ID/GO-2026-4559.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2026-4559
- Aliases
-
- CVE-2026-27141
- Related
- Published
- 2026-02-26T18:24:17Z
- Modified
- 2026-03-03T01:29:33.153071Z
- Summary
- Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
- Details
-
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2026-4559", "review_status": "REVIEWED" }- References
Affected packages
Go / golang.org/x/net
Package
- Name
- golang.org/x/net
- View open source insights on deps.dev
- Purl
- pkg:golang/golang.org/x/net
Ecosystem specific
{
"imports": [
{
"symbols": [
"ClientConn.Close",
"ClientConn.Ping",
"ClientConn.RoundTrip",
"ClientConn.Shutdown",
"ConfigureServer",
"ConfigureTransport",
"ConfigureTransports",
"ConnectionError.Error",
"ErrCode.String",
"FrameHeader.String",
"FrameType.String",
"FrameWriteRequest.String",
"Framer.ReadFrame",
"Framer.ReadFrameForHeader",
"Framer.ReadFrameHeader",
"Framer.WriteContinuation",
"Framer.WriteData",
"Framer.WriteDataPadded",
"Framer.WriteGoAway",
"Framer.WriteHeaders",
"Framer.WritePing",
"Framer.WritePriority",
"Framer.WritePriorityUpdate",
"Framer.WritePushPromise",
"Framer.WriteRSTStream",
"Framer.WriteRawFrame",
"Framer.WriteSettings",
"Framer.WriteSettingsAck",
"Framer.WriteWindowUpdate",
"GoAwayError.Error",
"ReadFrameHeader",
"Server.ServeConn",
"Setting.String",
"SettingID.String",
"SettingsFrame.ForeachSetting",
"StreamError.Error",
"Transport.CloseIdleConnections",
"Transport.NewClientConn",
"Transport.RoundTrip",
"Transport.RoundTripOpt",
"bufferedWriter.Flush",
"bufferedWriter.Write",
"bufferedWriterTimeoutWriter.Write",
"chunkWriter.Write",
"clientConnPool.GetClientConn",
"connError.Error",
"dataBuffer.Read",
"duplicatePseudoHeaderError.Error",
"gzipReader.Close",
"gzipReader.Read",
"headerFieldNameError.Error",
"headerFieldValueError.Error",
"netHTTPClientConn.Close",
"netHTTPClientConn.RoundTrip",
"noDialClientConnPool.GetClientConn",
"noDialH2RoundTripper.NewClientConn",
"noDialH2RoundTripper.RoundTrip",
"pipe.Read",
"priorityWriteSchedulerRFC7540.CloseStream",
"priorityWriteSchedulerRFC7540.OpenStream",
"priorityWriteSchedulerRFC9218.OpenStream",
"pseudoHeaderError.Error",
"requestBody.Close",
"requestBody.Read",
"responseWriter.Flush",
"responseWriter.FlushError",
"responseWriter.Push",
"responseWriter.SetReadDeadline",
"responseWriter.SetWriteDeadline",
"responseWriter.Write",
"responseWriter.WriteHeader",
"responseWriter.WriteString",
"roundRobinWriteScheduler.OpenStream",
"serverConn.CloseConn",
"serverConn.Flush",
"stickyErrWriter.Write",
"transportResponseBody.Close",
"transportResponseBody.Read",
"typeFrameParser",
"unencryptedTransport.RoundTrip",
"writeData.String"
],
"path": "golang.org/x/net/http2"
}
]
}