CVE-2026-42502
EUVD-2026-3144822.05.2026, 16:16
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| golang | net | 𝑥 < 0.55.0 |
𝑥
= Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| alloy |
| ||||||||||||
| buildah |
| ||||||||||||
| cosign |
| ||||||||||||
| cosign-bash-completion |
| ||||||||||||
| cosign-zsh-completion |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| containerd |
| ||||
| containerd-debuginfo |
| ||||
| containerd-debugsource |
| ||||
| containerd-stress |
| ||||
| containerd-stress-debuginfo |
| ||||
| credentials-fetcher |
| ||||
| docker |
| ||||
| docker-debuginfo |
| ||||
| docker-debugsource |
| ||||
| ecs-init |
| ||||
| nerdctl |
| ||||
| nerdctl-debuginfo |
| ||||
| runfinch-finch |
| ||||
| soci-snapshotter |
|
Azure Linux Releases
Azure Package | |||
|---|---|---|---|
| application-gateway-kubernetes-ingress |
| ||
| cert-manager |
| ||
| cf-cli |
| ||
| cloud-provider-kubevirt |
| ||
| cni-plugins |
| ||
| containerd2 |
| ||
| containerized-data-importer |
| ||
| cri-tools |
| ||
| dasel |
| ||
| docker-buildx |
| ||
| docker-compose |
| ||
| gh |
| ||
| influxdb |
| ||
| keda |
| ||
| kube-vip-cloud-provider |
| ||
| kubernetes |
| ||
| kubevirt |
| ||
| multus |
| ||
| packer |
| ||
| prometheus-adapter |
| ||
| sriov-network-device-plugin |
| ||
| telegraf |
|
Vulnerability Media Exposure