CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.0%

CVSS Severity

CVSS v3 Score 9.6

References

Products affected by CVE-2026-39821

Golang » Net » Version: 0.1.0

cpe:2.3:a:golang:net:0.1.0
Golang » Net » Version: 0.10.0

cpe:2.3:a:golang:net:0.10.0
Golang » Net » Version: 0.11.0

cpe:2.3:a:golang:net:0.11.0
Golang » Net » Version: 0.12.0

cpe:2.3:a:golang:net:0.12.0
Golang » Net » Version: 0.13.0

cpe:2.3:a:golang:net:0.13.0
Golang » Net » Version: 0.14.0

cpe:2.3:a:golang:net:0.14.0
Golang » Net » Version: 0.15.0

cpe:2.3:a:golang:net:0.15.0
Golang » Net » Version: 0.16.0

cpe:2.3:a:golang:net:0.16.0
Golang » Net » Version: 0.17.0

cpe:2.3:a:golang:net:0.17.0
Golang » Net » Version: 0.18.0

cpe:2.3:a:golang:net:0.18.0
Golang » Net » Version: 0.19.0

cpe:2.3:a:golang:net:0.19.0
Golang » Net » Version: 0.2.0

cpe:2.3:a:golang:net:0.2.0
Golang » Net » Version: 0.20.0

cpe:2.3:a:golang:net:0.20.0
Golang » Net » Version: 0.21.0

cpe:2.3:a:golang:net:0.21.0
Golang » Net » Version: 0.22.0

cpe:2.3:a:golang:net:0.22.0
Golang » Net » Version: 0.23.0

cpe:2.3:a:golang:net:0.23.0
Golang » Net » Version: 0.24.0

cpe:2.3:a:golang:net:0.24.0
Golang » Net » Version: 0.25.0

cpe:2.3:a:golang:net:0.25.0
Golang » Net » Version: 0.26.0

cpe:2.3:a:golang:net:0.26.0
Golang » Net » Version: 0.27.0

cpe:2.3:a:golang:net:0.27.0
Golang » Net » Version: 0.28.0

cpe:2.3:a:golang:net:0.28.0
Golang » Net » Version: 0.29.0

cpe:2.3:a:golang:net:0.29.0
Golang » Net » Version: 0.3.0

cpe:2.3:a:golang:net:0.3.0
Golang » Net » Version: 0.30.0

cpe:2.3:a:golang:net:0.30.0
Golang » Net » Version: 0.31.0

cpe:2.3:a:golang:net:0.31.0
Golang » Net » Version: 0.32.0

cpe:2.3:a:golang:net:0.32.0
Golang » Net » Version: 0.33.0

cpe:2.3:a:golang:net:0.33.0
Golang » Net » Version: 0.34.0

cpe:2.3:a:golang:net:0.34.0
Golang » Net » Version: 0.35.0

cpe:2.3:a:golang:net:0.35.0
Golang » Net » Version: 0.36.0

cpe:2.3:a:golang:net:0.36.0
Golang » Net » Version: 0.37.0

cpe:2.3:a:golang:net:0.37.0
Golang » Net » Version: 0.38.0

cpe:2.3:a:golang:net:0.38.0
Golang » Net » Version: 0.39.0

cpe:2.3:a:golang:net:0.39.0
Golang » Net » Version: 0.4.0

cpe:2.3:a:golang:net:0.4.0
Golang » Net » Version: 0.40.0

cpe:2.3:a:golang:net:0.40.0
Golang » Net » Version: 0.41.0

cpe:2.3:a:golang:net:0.41.0
Golang » Net » Version: 0.42.0

cpe:2.3:a:golang:net:0.42.0
Golang » Net » Version: 0.43.0

cpe:2.3:a:golang:net:0.43.0
Golang » Net » Version: 0.44.0

cpe:2.3:a:golang:net:0.44.0
Golang » Net » Version: 0.45.0

cpe:2.3:a:golang:net:0.45.0
Golang » Net » Version: 0.46.0

cpe:2.3:a:golang:net:0.46.0
Golang » Net » Version: 0.47.0

cpe:2.3:a:golang:net:0.47.0
Golang » Net » Version: 0.48.0

cpe:2.3:a:golang:net:0.48.0
Golang » Net » Version: 0.49.0

cpe:2.3:a:golang:net:0.49.0
Golang » Net » Version: 0.5.0

cpe:2.3:a:golang:net:0.5.0
Golang » Net » Version: 0.50.0

cpe:2.3:a:golang:net:0.50.0
Golang » Net » Version: 0.51.0

cpe:2.3:a:golang:net:0.51.0
Golang » Net » Version: 0.52.0

cpe:2.3:a:golang:net:0.52.0
Golang » Net » Version: 0.53.0

cpe:2.3:a:golang:net:0.53.0
Golang » Net » Version: 0.54.0

cpe:2.3:a:golang:net:0.54.0
Golang » Net » Version: 0.6.0

cpe:2.3:a:golang:net:0.6.0
Golang » Net » Version: 0.7.0

cpe:2.3:a:golang:net:0.7.0
Golang » Net » Version: 0.8.0

cpe:2.3:a:golang:net:0.8.0
Golang » Net » Version: 0.9.0

cpe:2.3:a:golang:net:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39821

Products

Pricing

Contact Us