CVE Field Guide
About Us
CVE-2026-39836
PUBLISHED
Panic in Dial and LookupPort when handling NUL byte on Windows in net
Assigner:
Go
Reserved:
07.04.2026
Published:
07.05.2026
Updated:
07.05.2026
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
Product Status
Vendor
Go standard library
Product
net
Versions
Default:
unaffected
affected from 0 to 1.25.10 (excl.)
affected from 1.26.0-0 to 1.26.3 (excl.)
References
https://go.dev/issue/79006
https://groups.google.com/g/golang-announce/c/qcCIEXso47M
https://go.dev/cl/775320
https://pkg.go.dev/vuln/GO-2026-4971
Problem Types
CWE-248: Uncaught Exception