CVE-2026-42507

Summary

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged.

Affected Software

VendorProductVersion RangeStatus
Go standard librarynet/textproto0 < 1.25.11affected
Go standard librarynet/textproto1.26.0-0 < 1.26.4affected

Weaknesses

  • CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References