CVE-2026-27136

EUVD-2026-31451
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
golangnet
𝑥
< 0.55.0
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
buildah
suse enterprise sap 15 SP7
1.35.5-150500.3.62.1
fixed
suse enterprise server 15 SP4
1.35.5-150400.3.68.1
fixed
suse enterprise server 15 SP5
1.35.5-150500.3.62.1
fixed
suse enterprise server 15 SP6
1.35.5-150500.3.62.1
fixed
suse enterprise server 15 SP7
1.35.5-150500.3.62.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
podman
RHEL 9
6:5.8.2-4.el9_8
fixed
podman-docker
RHEL 9
6:5.8.2-4.el9_8
fixed
podman-plugins
RHEL 9
6:5.8.2-4.el9_8
fixed
podman-remote
RHEL 9
6:5.8.2-4.el9_8
fixed
podman-tests
RHEL 9
6:5.8.2-4.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
containerd
Amazon Linux 2023
0:2.2.4-1.amzn2023.0.2
fixed
containerd-debuginfo
Amazon Linux 2023
0:2.2.4-1.amzn2023.0.2
fixed
containerd-debugsource
Amazon Linux 2023
0:2.2.4-1.amzn2023.0.2
fixed
containerd-stress
Amazon Linux 2023
0:2.2.4-1.amzn2023.0.2
fixed
containerd-stress-debuginfo
Amazon Linux 2023
0:2.2.4-1.amzn2023.0.2
fixed
credentials-fetcher
Amazon Linux 2023
0:2.0.3-1.amzn2023.0.1
fixed
docker
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.2
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.2
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.16-1.amzn2023.0.2
fixed
ecs-init
Amazon Linux 2023
0:1.105.0-1.amzn2023
fixed
nerdctl
Amazon Linux 2
0:2.2.2-1.amzn2.0.3
fixed
Amazon Linux 2023
0:2.2.2-1.amzn2023.0.3
fixed
nerdctl-debuginfo
Amazon Linux 2
0:2.2.2-1.amzn2.0.3
fixed
runfinch-finch
Amazon Linux 2023
0:1.17.1-1.amzn2023.0.3
fixed
soci-snapshotter
Amazon Linux 2023
0:0.14.1-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
application-gateway-kubernetes-ingress
Azure Linux 3.0
0:1.7.7-4.azl3
fixed
cert-manager
Azure Linux 3.0
0:1.12.15-8.azl3
fixed
cf-cli
Azure Linux 3.0
0:8.7.11-6.azl3
fixed
cloud-provider-kubevirt
Azure Linux 3.0
0:0.5.1-4.azl3
fixed
cni-plugins
Azure Linux 3.0
0:1.4.0-6.azl3
fixed
containerd2
Azure Linux 3.0
0:2.1.6-3.azl3
fixed
containerized-data-importer
Azure Linux 3.0
0:1.62.0-5.azl3
fixed
cri-tools
Azure Linux 3.0
0:1.32.0-6.azl3
fixed
dasel
Azure Linux 3.0
0:2.8.1-4.azl3
fixed
docker-buildx
Azure Linux 3.0
0:0.14.0-13.azl3
fixed
docker-compose
Azure Linux 3.0
0:2.27.0-11.azl3
fixed
gh
Azure Linux 3.0
0:2.62.0-16.azl3
fixed
influxdb
Azure Linux 3.0
0:2.7.5-17.azl3
fixed
keda
Azure Linux 3.0
0:2.14.1-13.azl3
fixed
kube-vip-cloud-provider
Azure Linux 3.0
0:0.0.10-6.azl3
fixed
kubernetes
Azure Linux 3.0
0:1.30.10-25.azl3
fixed
kubevirt
Azure Linux 3.0
0:1.7.1-5.azl3
fixed
multus
Azure Linux 3.0
0:4.0.2-8.azl3
fixed
packer
Azure Linux 3.0
0:1.9.5-14.azl3
fixed
prometheus-adapter
Azure Linux 3.0
0:0.12.0-6.azl3
fixed
sriov-network-device-plugin
Azure Linux 3.0
0:3.7.0-6.azl3
fixed
telegraf
Azure Linux 3.0
0:1.31.0-21.azl3
fixed