High severity7.5NVD Advisory· Published May 7, 2026· Updated May 12, 2026
CVE-2026-33811
CVE-2026-33811
Description
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- go.dev/cl/767860nvdPatch
- groups.google.com/g/golang-announce/c/qcCIEXso47MnvdMailing ListThird Party Advisory
- pkg.go.dev/vuln/GO-2026-4981nvdVendor Advisory
- go.dev/issue/78803nvdIssue Tracking
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026