UBUNTU-CVE-2026-27136

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-27136

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27136.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-27136

Upstream

CVE-2026-27136

Published

2026-05-22T16:16:00Z

Modified

2026-06-09T21:16:45.002971192Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

References

Affected packages

Ubuntu:Pro:16.04:LTS / golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0+git20150226.3d87fd6-3

0.0+git20151007.b846920+dfsg-1

1:0.*

1:0.0+git20150817.66f0418-1

1:0.0+git20160110.4fd4a9f-1

1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1

1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27136.json"

Ubuntu:Pro:18.04:LTS / golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1

1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2

1:0.0+git20170629.c81e7f2+dfsg-2

1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1

1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2

1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27136.json"

Ubuntu:Pro:20.04:LTS / golang-golang-x-net-dev

Package

Name: golang-golang-x-net-dev
Purl: pkg:deb/ubuntu/golang-golang-x-net-dev?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.0+git20190811.74dc4d7+dfsg-1

1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1

1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2

1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3",
            "binary_name": "golang-go.net-dev"
        },
        {
            "binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3",
            "binary_name": "golang-golang-x-net-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27136.json"