Bug 2480761 (CVE-2026-25681) - CVE-2026-25681 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting
Status: NEW
Alias: CVE-2026-25681
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Reported: 2026-05-22 16:01 UTC by OSIDB Bzimport
Modified: 2026-07-01 19:21 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:34357 0 None None None 2026-07-01 18:36:20 UTC
Red Hat Product Errata RHSA-2026:34359 0 None None None 2026-07-01 19:21:18 UTC

Description OSIDB Bzimport 2026-05-22 16:01:30 UTC
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Comment 2 errata-xmlrpc 2026-07-01 18:36:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:34357 https://access.redhat.com/errata/RHSA-2026:34357

Comment 3 errata-xmlrpc 2026-07-01 19:21:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:34359 https://access.redhat.com/errata/RHSA-2026:34359

