CVE-2025-61726
Memory exhaustion in query parameter parsing in net/url
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
| Vendor | go standard library |
| Product | net/url |
| Published | Jan 28, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for go standard library net/url
Be the first to know when new high vulnerabilities affecting go standard library net/url are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Go standard library / net/url
0 < 1.24.12 1.25.0 < 1.25.6
References
go.dev: https://go.dev/cl/736712 go.dev: https://go.dev/issue/77101 groups.google.com: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-4341 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-61726 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2434432 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3958 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7676 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4460 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3959 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6278 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26527 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26541 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10096 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3416 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17595 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3875 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17446 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6277 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3186 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:28047 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3391 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5968 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14868 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3843 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4166 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3813 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3192 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3977 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3831 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3816 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17084 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4256 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5852 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17040 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4907 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3970 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16696 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3506 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3699 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3297 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3864 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4164 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3669 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2706 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2914 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3035 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3840 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3092 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3752 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3336 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4892 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3971 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3343 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5146 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5145 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19013 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22937 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22450 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19132 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4672 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2708 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3985 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3188 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3187 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3898 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4952 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3468 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3841 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3470 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3973 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3879 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3815 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5461 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5030 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19634 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3489 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3972 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3880 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3812 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5853 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5031 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3471 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3974 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3838 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3821 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4753 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5022 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16102 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3932 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3473 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3854 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3822 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5533 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5079 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25252 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25251 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3931 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3472 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3836 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3820 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5327 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25248 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5076 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25253 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25250 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12030 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12032 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3930 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3469 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3835 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3818 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12033 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4267 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4211 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12028 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5078 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12031 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12029 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11749 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9109 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3929 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3814 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3193 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3833 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3817 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9108 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4264 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5544 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7854 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5077 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9097 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9098 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3298 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3341 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3928 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3668 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2709 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2920 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3040 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3839 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4177 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3753 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3337 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4901 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3291 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3340 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:18913 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:23228 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22714 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5645 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26636 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5851 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7942 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25089 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7052 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4500 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4939 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4498 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6429 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5110 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6226 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6428 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6251 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4170 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8433 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4270 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22627 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8229 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:25127 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13548 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8151 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11408 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4466 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4467 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3960 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3089 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7385 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7291 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4220 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5807 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3782 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10184 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:24977 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19712 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3713 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5549 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12282 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14100 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21691 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15091 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14774 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10104 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4510 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4511 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17598 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3905 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3906 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6554 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21657 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4434 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7249 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4435 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:20041 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3855 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3856 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8431 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17468 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6564 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2844 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6192 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3869 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3874 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3884 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3559 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8483 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5132 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3556 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5948 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5129 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5950 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5131 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5952 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5130 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3427 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3459 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5394 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11747 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26420 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6184 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12279 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4942 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21017 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6568 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6497 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19375 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2681 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6567 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5665 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:23361 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5168 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2754 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15984 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14879 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5447 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5452 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5439 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4276 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3296 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3184 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5444 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5649 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5463 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4943 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10250 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10225 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8338 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8337 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8167 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13571 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17460 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17463 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:28441 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:13542 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9848 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5636 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8218 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11414
Credits
jub0bs