CVE-2026-27142

Published: Mar 06, 2026 Last Modified: Mar 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value 'refresh'. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow 'url=' by setting htmlmetacontenturlescape=0.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 10 Days)

https://go.dev/cl/752081
https://go.dev/cl/752081
https://go.dev/issue/77954
https://go.dev/issue/77954
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4603
https://pkg.go.dev/vuln/GO-2026-4603