2445356 – (CVE-2026-25679) CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Bug 2445356 (CVE-2026-25679) - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Summary: CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

Keywords:
Status:	NEW
Alias:	CVE-2026-25679
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2446058
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-06 22:02 UTC by OSIDB Bzimport
Modified:	2026-04-18 08:28 UTC (History)
CC List:	129 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:5941	None	None	None	2026-03-26 13:36:52 UTC
Red Hat Product Errata	RHSA-2026:5942	None	None	None	2026-03-26 13:49:06 UTC
Red Hat Product Errata	RHSA-2026:5944	None	None	None	2026-03-26 14:00:45 UTC
Red Hat Product Errata	RHSA-2026:6341	None	None	None	2026-04-01 09:20:00 UTC
Red Hat Product Errata	RHSA-2026:6344	None	None	None	2026-04-01 11:19:02 UTC
Red Hat Product Errata	RHSA-2026:6382	None	None	None	2026-04-01 14:52:07 UTC
Red Hat Product Errata	RHSA-2026:6383	None	None	None	2026-04-01 14:54:08 UTC
Red Hat Product Errata	RHSA-2026:6388	None	None	None	2026-04-01 14:36:40 UTC
Red Hat Product Errata	RHSA-2026:6949	None	None	None	2026-04-08 00:29:38 UTC
Red Hat Product Errata	RHSA-2026:7005	None	None	None	2026-04-08 11:27:52 UTC
Red Hat Product Errata	RHSA-2026:7009	None	None	None	2026-04-08 13:26:53 UTC
Red Hat Product Errata	RHSA-2026:7011	None	None	None	2026-04-08 13:28:01 UTC
Red Hat Product Errata	RHSA-2026:7259	None	None	None	2026-04-09 09:29:44 UTC
Red Hat Product Errata	RHSA-2026:7315	None	None	None	2026-04-09 14:31:18 UTC
Red Hat Product Errata	RHSA-2026:7328	None	None	None	2026-04-09 15:17:37 UTC
Red Hat Product Errata	RHSA-2026:7665	None	None	None	2026-04-13 02:20:07 UTC
Red Hat Product Errata	RHSA-2026:7669	None	None	None	2026-04-13 01:57:07 UTC
Red Hat Product Errata	RHSA-2026:7674	None	None	None	2026-04-13 02:45:01 UTC
Red Hat Product Errata	RHSA-2026:7833	None	None	None	2026-04-13 09:51:56 UTC
Red Hat Product Errata	RHSA-2026:7834	None	None	None	2026-04-13 10:19:23 UTC
Red Hat Product Errata	RHSA-2026:7876	None	None	None	2026-04-13 16:28:00 UTC
Red Hat Product Errata	RHSA-2026:7877	None	None	None	2026-04-13 16:26:39 UTC
Red Hat Product Errata	RHSA-2026:7878	None	None	None	2026-04-13 16:19:48 UTC
Red Hat Product Errata	RHSA-2026:7879	None	None	None	2026-04-13 16:24:10 UTC
Red Hat Product Errata	RHSA-2026:7883	None	None	None	2026-04-13 17:41:56 UTC
Red Hat Product Errata	RHSA-2026:7992	None	None	None	2026-04-14 06:44:10 UTC
Red Hat Product Errata	RHSA-2026:8314	None	None	None	2026-04-15 14:01:26 UTC
Red Hat Product Errata	RHSA-2026:8322	None	None	None	2026-04-15 15:27:23 UTC
Red Hat Product Errata	RHSA-2026:8324	None	None	None	2026-04-15 15:32:21 UTC
Red Hat Product Errata	RHSA-2026:8434	None	None	None	2026-04-16 10:49:02 UTC
Red Hat Product Errata	RHSA-2026:8456	None	None	None	2026-04-16 12:30:27 UTC

Description OSIDB Bzimport 2026-03-06 22:02:34 UTC

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Comment 6 errata-xmlrpc 2026-03-26 13:36:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:5941 https://access.redhat.com/errata/RHSA-2026:5941

Comment 7 errata-xmlrpc 2026-03-26 13:48:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:5942 https://access.redhat.com/errata/RHSA-2026:5942

Comment 8 errata-xmlrpc 2026-03-26 14:00:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:5944 https://access.redhat.com/errata/RHSA-2026:5944

Comment 9 errata-xmlrpc 2026-04-01 09:19:51 UTC

This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:6341 https://access.redhat.com/errata/RHSA-2026:6341

Comment 10 errata-xmlrpc 2026-04-01 11:18:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:6344 https://access.redhat.com/errata/RHSA-2026:6344

Comment 11 errata-xmlrpc 2026-04-01 14:36:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:6388 https://access.redhat.com/errata/RHSA-2026:6388

Comment 12 errata-xmlrpc 2026-04-01 14:51:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:6382 https://access.redhat.com/errata/RHSA-2026:6382

Comment 13 errata-xmlrpc 2026-04-01 14:53:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:6383 https://access.redhat.com/errata/RHSA-2026:6383

Comment 14 errata-xmlrpc 2026-04-08 00:29:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:6949 https://access.redhat.com/errata/RHSA-2026:6949

Comment 15 errata-xmlrpc 2026-04-08 11:27:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7005 https://access.redhat.com/errata/RHSA-2026:7005

Comment 16 errata-xmlrpc 2026-04-08 13:26:43 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7009 https://access.redhat.com/errata/RHSA-2026:7009

Comment 17 errata-xmlrpc 2026-04-08 13:27:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7011 https://access.redhat.com/errata/RHSA-2026:7011

Comment 18 errata-xmlrpc 2026-04-09 09:29:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7259 https://access.redhat.com/errata/RHSA-2026:7259

Comment 19 errata-xmlrpc 2026-04-09 14:31:09 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7315 https://access.redhat.com/errata/RHSA-2026:7315

Comment 20 errata-xmlrpc 2026-04-09 15:17:27 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:7328 https://access.redhat.com/errata/RHSA-2026:7328

Comment 21 errata-xmlrpc 2026-04-13 01:56:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7669 https://access.redhat.com/errata/RHSA-2026:7669

Comment 22 errata-xmlrpc 2026-04-13 02:19:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:7665 https://access.redhat.com/errata/RHSA-2026:7665

Comment 23 errata-xmlrpc 2026-04-13 02:44:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7674 https://access.redhat.com/errata/RHSA-2026:7674

Comment 24 errata-xmlrpc 2026-04-13 09:51:47 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:7833 https://access.redhat.com/errata/RHSA-2026:7833

Comment 25 errata-xmlrpc 2026-04-13 10:19:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:7834 https://access.redhat.com/errata/RHSA-2026:7834

Comment 26 errata-xmlrpc 2026-04-13 16:19:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:7878 https://access.redhat.com/errata/RHSA-2026:7878

Comment 27 errata-xmlrpc 2026-04-13 16:24:00 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:7879 https://access.redhat.com/errata/RHSA-2026:7879

Comment 28 errata-xmlrpc 2026-04-13 16:26:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:7877 https://access.redhat.com/errata/RHSA-2026:7877

Comment 29 errata-xmlrpc 2026-04-13 16:27:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:7876 https://access.redhat.com/errata/RHSA-2026:7876

Comment 30 errata-xmlrpc 2026-04-13 17:41:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:7883 https://access.redhat.com/errata/RHSA-2026:7883

Comment 31 errata-xmlrpc 2026-04-14 06:44:01 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7992 https://access.redhat.com/errata/RHSA-2026:7992

Comment 32 errata-xmlrpc 2026-04-15 14:01:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:8314 https://access.redhat.com/errata/RHSA-2026:8314

Comment 33 errata-xmlrpc 2026-04-15 15:27:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:8322 https://access.redhat.com/errata/RHSA-2026:8322

Comment 34 errata-xmlrpc 2026-04-15 15:32:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:8324 https://access.redhat.com/errata/RHSA-2026:8324

Comment 35 errata-xmlrpc 2026-04-16 10:48:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:8434 https://access.redhat.com/errata/RHSA-2026:8434

Comment 36 errata-xmlrpc 2026-04-16 12:30:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:8456 https://access.redhat.com/errata/RHSA-2026:8456

Note You need to log in before you can comment on or make changes to this bug.

aazores
abarbaro
abrianik
akostadi
akoudelk
alcohan
alebedev
alizardo
amasferr
anjoseph
anpicker
ansmith
anthomas
ataylor
bbrownin
bdettelb
bparees
chfoley
ckandaga
cmah
crizzo
dhanak
dmayorov
doconnor
drosa
dschmidt
dsimansk
dymurray
eaguilar
ebaron
eborisov
eglynn
ehelms
erezende
fdeutsch
ggainey
ggrzybek
gparvin
hasun
ibolton
jbalunas
jburrell
jcantril
jchui
jeder
jfula
jhe
jjoyce
jkoehler
jlanda
jlledo
jmatthew
jmontleo
jolong
jowilson
jprabhak
jpretori
jraez
jschluet
juwatts
kingland
kshier
ktsao
kverlaen
lball
lbragsta
lchilton
lgamliel
lhh
lphiri
manissin
mbocek
mburns
mgarciac
mhulan
mnovotny
mrunge
mwringe
nboldt
ngough
nmoumoul
nyancey
oaljalju
ometelka
oramraz
osousa
pahickey
pantinor
parichar
pcreech
peholase
pgaikwad
pjindal
psrna
ptisnovs
pvasanth
rchan
rfreiman
rgodfrey
rhaigner
rjohnson
rojacob
sakbas
sausingh
sdawley
sfeifer
simaishi
slucidi
smallamp
smcdonal
smullick
sseago
stcannon
stirabos
swoodman
syedriko
tasato
teagle
thason
tmalecek
tsedmik
veshanka
vimartin
wenshen
whayutin
wtam
xdharmai
xiyuan
yguenane