Resource Exhaustion in Go Programming Language by Google
CVE-2026-42504

7.5HIGH

Key Information:

Vendor: Go Standard Library
Status: Mime
Vendor: CVE Published:; 2 June 2026

🔔 Create Go Standard Library Vulnerability Alert

What is CVE-2026-42504?

This vulnerability arises when a maliciously-crafted MIME header includes numerous invalid encoded-words, leading to excessive CPU usage as the decoder processes these headers. Applications utilizing the Go programming language may experience performance degradation due to this flaw, affecting service availability and system responsiveness.

Affected Version(s)

mime 0 < 1.25.11

mime 1.26.0-0 < 1.26.4

References

https://go.dev/issue/79217

https://go.dev/cl/774481

https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

p4p3r (https://hackerone.com/p4p3r_hak)

CVE-2026-42504 Data

JSON