Vulnerability Details CVE-2026-27136
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.3%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-27136
-
cpe:2.3:a:golang:net:0.1.0
-
cpe:2.3:a:golang:net:0.10.0
-
cpe:2.3:a:golang:net:0.11.0
-
cpe:2.3:a:golang:net:0.12.0
-
cpe:2.3:a:golang:net:0.13.0
-
cpe:2.3:a:golang:net:0.14.0
-
cpe:2.3:a:golang:net:0.15.0
-
cpe:2.3:a:golang:net:0.16.0
-
cpe:2.3:a:golang:net:0.17.0
-
cpe:2.3:a:golang:net:0.18.0
-
cpe:2.3:a:golang:net:0.19.0
-
cpe:2.3:a:golang:net:0.2.0
-
cpe:2.3:a:golang:net:0.20.0
-
cpe:2.3:a:golang:net:0.21.0
-
cpe:2.3:a:golang:net:0.22.0
-
cpe:2.3:a:golang:net:0.23.0
-
cpe:2.3:a:golang:net:0.24.0
-
cpe:2.3:a:golang:net:0.25.0
-
cpe:2.3:a:golang:net:0.26.0
-
cpe:2.3:a:golang:net:0.27.0
-
cpe:2.3:a:golang:net:0.28.0
-
cpe:2.3:a:golang:net:0.29.0
-
cpe:2.3:a:golang:net:0.3.0
-
cpe:2.3:a:golang:net:0.30.0
-
cpe:2.3:a:golang:net:0.31.0
-
cpe:2.3:a:golang:net:0.32.0
-
cpe:2.3:a:golang:net:0.33.0
-
cpe:2.3:a:golang:net:0.34.0
-
cpe:2.3:a:golang:net:0.35.0
-
cpe:2.3:a:golang:net:0.36.0
-
cpe:2.3:a:golang:net:0.37.0
-
cpe:2.3:a:golang:net:0.38.0
-
cpe:2.3:a:golang:net:0.39.0
-
cpe:2.3:a:golang:net:0.4.0
-
cpe:2.3:a:golang:net:0.40.0
-
cpe:2.3:a:golang:net:0.41.0
-
cpe:2.3:a:golang:net:0.42.0
-
cpe:2.3:a:golang:net:0.43.0
-
cpe:2.3:a:golang:net:0.44.0
-
cpe:2.3:a:golang:net:0.45.0
-
cpe:2.3:a:golang:net:0.46.0
-
cpe:2.3:a:golang:net:0.47.0
-
cpe:2.3:a:golang:net:0.48.0
-
cpe:2.3:a:golang:net:0.49.0
-
cpe:2.3:a:golang:net:0.5.0
-
cpe:2.3:a:golang:net:0.50.0
-
cpe:2.3:a:golang:net:0.51.0
-
cpe:2.3:a:golang:net:0.52.0
-
cpe:2.3:a:golang:net:0.53.0
-
cpe:2.3:a:golang:net:0.54.0
-
cpe:2.3:a:golang:net:0.6.0
-
cpe:2.3:a:golang:net:0.7.0
-
cpe:2.3:a:golang:net:0.8.0
-
cpe:2.3:a:golang:net:0.9.0