The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-05
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-05