High severity7.5NVD Advisory· Published May 7, 2026· Updated May 13, 2026
CVE-2026-39836
CVE-2026-39836
Description
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- go.dev/cl/775320nvdPatch
- pkg.go.dev/vuln/GO-2026-4971nvdVendor Advisory
- go.dev/issue/79006nvdIssue Tracking
- groups.google.com/g/golang-announce/c/qcCIEXso47MnvdIssue TrackingMailing List
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026