CVE-2026-39836: Panic in Dial and LookupPort when handling NUL byte on Windows in net

Q: What is the severity of CVE-2026-39836?

CVE-2026-39836 is rated as a medium severity vulnerability due to its potential to cause application crashes.

Q: How do I fix CVE-2026-39836?

To fix CVE-2026-39836, update to the latest version of the Google Go standard library that addresses this vulnerability.

Q: What types of systems are affected by CVE-2026-39836?

CVE-2026-39836 affects Windows systems using the Google Go standard library's net package.

Q: What specific functions are involved in CVE-2026-39836?

CVE-2026-39836 involves the Dial and LookupPort functions within the net package.

Q: What impact does CVE-2026-39836 have on applications?

CVE-2026-39836 can lead to application crashes when handling inputs that contain a NUL byte.

Published May 7, 2026

Updated

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

Affected Software

3 affected components

Google Go standard library (net)

Golang Go<1.25.10

Golang Go>=1.26.0<1.26.3

Remediation

Patch Available

https://go.dev/cl/775320

Event History

May 7, 2026

CVE Published

via MITRE·07:41 PM

Data Sourced

via MITRE·07:41 PM

DescriptionWeakness

Data Sourced

via NVD·08:16 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-39836?

CVE-2026-39836 is rated as a medium severity vulnerability due to its potential to cause application crashes.

How do I fix CVE-2026-39836?

To fix CVE-2026-39836, update to the latest version of the Google Go standard library that addresses this vulnerability.

What types of systems are affected by CVE-2026-39836?

CVE-2026-39836 affects Windows systems using the Google Go standard library's net package.

What specific functions are involved in CVE-2026-39836?

CVE-2026-39836 involves the Dial and LookupPort functions within the net package.

What impact does CVE-2026-39836 have on applications?

CVE-2026-39836 can lead to application crashes when handling inputs that contain a NUL byte.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2026-39836: Panic in Dial and LookupPort when handling NUL byte on Windows in net

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-39836?

How do I fix CVE-2026-39836?

What types of systems are affected by CVE-2026-39836?

What specific functions are involved in CVE-2026-39836?

What impact does CVE-2026-39836 have on applications?

Company

Resources

Contact