High severity7.5NVD Advisory· Published May 7, 2026· Updated May 13, 2026
CVE-2026-39820
CVE-2026-39820
Description
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- go.dev/cl/759940nvdPatch
- pkg.go.dev/vuln/GO-2026-4986nvdVendor Advisory
- go.dev/issue/78566nvdIssue Tracking
- groups.google.com/g/golang-announce/c/qcCIEXso47MnvdIssue TrackingMailing List
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026