CVE-2026-33814 | http2-net-http up to 0.52.x on Go SETTINGS_MAX_FRAME_SIZE infinite loop

Inserito da Angelo Barbosa | Mag 7, 2026 | CVE

A vulnerability labeled as problematic has been found in http2-net-http up to 0.52.x on Go. This affects an unknown function. Such manipulation of the argument SETTINGS_MAX_FRAME_SIZE leads to infinite loop.

This vulnerability is uniquely identified as CVE-2026-33814. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-33814 | http2-net-http up to 0.52.x on Go SETTINGS_MAX_FRAME_SIZE infinite loop

Post correlati

CVE-2025-8522 | givanz Vvvebjs up to 2.0.4 node.js /save.php File path traversal (Issue 409)

CVE-2024-44207 | Apple iOS/iPadOS up to 18.0 Audio Message information disclosure (ID 121373)

CVE-2026-20451 | MediaTek MT8910 slbc type confusion

CVE-2023-48782 | Fortinet FortiWLM up to 8.6.5 HTTP GET Request os command injection (FG-IR-23-450)