Description

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

INFO

Published Date :

2026-05-07T19:41:19.138Z

Last Modified :

2026-05-08T14:05:05.849Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2026-39826 vulnerability.

Vendors Products
Go Standard Library
  • Html/template
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-39826.

URL Resource
https://go.dev/cl/771180 cve-icon cve-icon
https://go.dev/issue/78981 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/qcCIEXso47M cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2026-4980 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System