go1.26-openssl (SUSE:Linux Enterprise Module for Development Tools 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP7 package go1.26-openssl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-25679 — CVSS 7.5 (high): url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
CVE-2026-27137 — CVSS 7.5 (high): When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local…
CVE-2026-27142 — CVSS 6.1 (medium): Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an…
CVE-2026-27138 — CVSS 5.9 (medium): Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded…
CVE-2026-27139 — CVSS 2.5 (low): On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file…