Unrated severityNVD Advisory· Published Feb 5, 2026· Updated Feb 12, 2026

Infinite parsing loop in golang.org/x/net

CVE-2025-58190

Description

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Affected products

Golang/x/net/htmlllm-create
golang.org/x/net/golang.org/x/net/htmlv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/golang/vulndb/issues/4441mitre
go.dev/cl/709875mitre
groups.google.com/g/golang-announce/c/jnQcOYpiR2cmitre
pkg.go.dev/vuln/GO-2026-4441mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000