High severity 7.5 · NVD Advisory · Published May 7, 2026 · Updated May 13, 2026
CVE-2026-33814
Description
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
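The following added example (not code from the Go project or this advisory) models the failure mode described above: a header-block chunking loop that sizes each frame from the peer's SETTINGS_MAX_FRAME_SIZE makes no progress when that value is 0, while range validation per RFC 9113 section 6.5.2 (16384 to 16777215) rejects the setting first. The names `validateMaxFrameSize` and `splitHeaderBlock`, the `maxIter` guard, and the 40000-byte block are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Bounds for SETTINGS_MAX_FRAME_SIZE from RFC 9113 section 6.5.2.
const (
	minMaxFrameSize = 1 << 14   // 16384, also the initial value
	maxMaxFrameSize = 1<<24 - 1 // 16777215
)

var errProtocol = errors.New("PROTOCOL_ERROR: SETTINGS_MAX_FRAME_SIZE out of range")

// validateMaxFrameSize (hypothetical helper) rejects a peer-supplied value
// outside the RFC range before it can influence frame writing.
func validateMaxFrameSize(v uint32) error {
	if v < minMaxFrameSize || v > maxMaxFrameSize {
		return errProtocol
	}
	return nil
}

// splitHeaderBlock (hypothetical model) chunks an encoded header block into
// one HEADERS frame plus CONTINUATION frames, returning each payload size.
// maxIter exists only so this demo terminates; stalled reports that the loop
// hit the guard with bytes still unsent.
func splitHeaderBlock(block []byte, maxFrameSize uint32, maxIter int) (chunks []int, stalled bool) {
	for i := 0; len(block) > 0; i++ {
		if i == maxIter {
			return chunks, true
		}
		n := len(block)
		if n > int(maxFrameSize) {
			n = int(maxFrameSize) // with 0 this yields empty frames forever
		}
		chunks = append(chunks, n)
		block = block[n:]
	}
	return chunks, false
}

func main() {
	block := make([]byte, 40000) // constructed header block
	for _, v := range []uint32{0, 16384} {
		chunks, stalled := splitHeaderBlock(block, v, 8)
		fmt.Printf("max_frame_size=%d valid=%v frames=%d stalled=%v\n",
			v, validateMaxFrameSize(v) == nil, len(chunks), stalled)
	}
}
```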
Patches
No patches discovered yet.
References
- go.dev/cl/761581 (NVD: Patch)
- go.dev/cl/761640 (NVD: Patch)
- pkg.go.dev/vuln/GO-2026-4918 (NVD: Vendor Advisory)
- go.dev/issue/78476 (NVD: Issue Tracking, Mailing List)
- groups.google.com/g/golang-announce/c/qcCIEXso47M (NVD: Release Notes)
News mentions
- Patch Tuesday - May 2026 (Rapid7 Blog, May 13, 2026)