๐Ÿ” CVE Alert

CVE-2026-27141

HIGH 7.5

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Vendor golang.org/x/net
Product golang.org/x/net/http2
Published Feb 26, 2026
Last Updated Feb 27, 2026
Stay Ahead of the Next One

Get instant alerts for golang.org/x/net golang.org/x/net/http2

Be the first to know when new high vulnerabilities affecting golang.org/x/net golang.org/x/net/http2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

golang.org/x/net / golang.org/x/net/http2
0.50.0 < 0.51.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
nvd.nist.gov: https://nvd.nist.gov/vuln/detail/CVE-2026-27141 go.dev: https://go.dev/cl/746180 go.dev: https://go.dev/issue/77652 pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-4559