Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25679

Опубликовано: 06 мар. 2026
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
AMQ Clientspython39-qpid-protonAffected
AMQ Clientsqpid-protonAffected
Assisted Installer for Red Hat OpenShift Container Platform 2rhai/assisted-installer-rhel9Affected
Builds for Red Hat OpenShiftopenshift-builds/openshift-builds-waiters-rhel9Affected
cert-manager Operator for Red Hat OpenShiftcert-manager/jetstack-cert-manager-rhel9Affected
Compliance Operatorcompliance/openshift-compliance-operator-bundleAffected
Confidential Compute Attestationbuild-of-trustee/trustee-rhel9-operatorAffected
Confidential Compute Attestationopenshift-sandboxed-containers/osc-monitor-rhel9Affected
Cryostat 4cryostat/cryostat-storage-rhel9Affected
Custom Metric Autoscaler operator for Red Hat Openshiftcustom-metrics-autoscaler/custom-metrics-autoscaler-rhel9Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-1286
https://bugzilla.redhat.com/show_bug.cgi?id=2445356net/url: Incorrect parsing of IPv6 host literals in net/url

EPSS

Процентиль: 9%
0.00031
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-25679

CVSS3: 7.5
ubuntu
20 дней назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

nvd логотип

CVE-2026-25679

CVSS3: 7.5
nvd
20 дней назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

msrc логотип

CVE-2026-25679

msrc
15 дней назад

Incorrect parsing of IPv6 host literals in net/url

debian логотип

CVE-2026-25679

CVSS3: 7.5
debian
20 дней назад

url.Parse insufficiently validated the host/authority component and ac ...

github логотип

GHSA-j3gx-2473-5fp8

CVSS3: 7.5
github
20 дней назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

EPSS

Процентиль: 9%
0.00031
Низкий

7.5 High

CVSS3