Resource Exhaustion in Go Programming Language by Google
CVE-2026-42504

Currently unrated

Key Information:

Vendor: Go Standard Library
Status: Mime
Vendor: CVE Published:; 2 June 2026

🔔 Create Go Standard Library Vulnerability Alert

What is CVE-2026-42504?

This vulnerability arises when a maliciously-crafted MIME header includes numerous invalid encoded-words, leading to excessive CPU usage as the decoder processes these headers. Applications utilizing the Go programming language may experience performance degradation due to this flaw, affecting service availability and system responsiveness.

Affected Version(s)

mime 0 < 1.25.11

mime 1.26.0-0 < 1.26.4

References

https://go.dev/issue/79217

https://go.dev/cl/774481

https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

p4p3r (https://hackerone.com/p4p3r_hak)

CVE-2026-42504 Data

JSON