CVE-2026-27141 | THREATINT

Description

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

PUBLISHED Reserved 2026-02-17 | Published 2026-02-26 | Updated 2026-02-26 | Assigner Go

Problem types

CWE-476: NULL Pointer Dereference

Product status

Default status

unaffected

0.50.0 (semver) before 0.51.0

affected

References

nvd.nist.gov/vuln/detail/CVE-2026-27141

go.dev/cl/746180

go.dev/issue/77652

pkg.go.dev/vuln/GO-2026-4559

cve.org (CVE-2026-27141)

nvd.nist.gov (CVE-2026-27141)

Download JSON

help @ threatint.eu