High severity7.5NVD Advisory· Published May 7, 2026· Updated May 13, 2026
CVE-2026-42499
CVE-2026-42499
Description
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- go.dev/cl/771520nvdPatch
- pkg.go.dev/vuln/GO-2026-4977nvdVendor Advisory
- go.dev/issue/78987nvdIssue Tracking
- groups.google.com/g/golang-announce/c/qcCIEXso47MnvdRelease Notes
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026