CVE-2026-39825 | net-http-httputil up to 1.25.9/1.26.2 on Go Query Parameter Rewrite request smuggling

Inserito da Angelo Barbosa | Mag 7, 2026 | CVE

A vulnerability classified as problematic was found in net-http-httputil up to 1.25.9/1.26.2 on Go. This impacts the function Rewrite of the component Query Parameter Handler. Executing a manipulation can lead to http request smuggling.

This vulnerability is tracked as CVE-2026-39825. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-39825 | net-http-httputil up to 1.25.9/1.26.2 on Go Query Parameter Rewrite request smuggling

Post correlati

CVE-2024-33580 | Lenovo Personal Cloud up to 2.2.x uncontrolled search path

CVE-2024-7521 | Mozilla Firefox up to 128 WebAssembly use after free

CVE-2024-24478 | Wireshark up to 4.1.x packet-bgp.c dissect_bgp_open denial of service

CVE-2018-25249 | My Arcade Plugin 1.3 on MyBB Comment cross site scripting (Exploit 44186 / EDB-44186)