Main Vulnerability Database SB2026041135

SB2026041135 - openEuler 24.03 LTS SP3 update for golang

Published: April 11, 2026

Security Bulletin ID SB2026041135

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2026-27142)

The vulnerability allows a remote attacker to execute arbitrary script code in a victim's browser via cross-site scripting (XSS).

The vulnerability exists due to improper output neutralization in html/template when inserting URLs into the content attribute of HTML meta tags with an http-equiv="refresh" attribute. A remote attacker can craft a URL that is not properly escaped, leading to script execution when the page is rendered.

Exploitation requires user interaction, as the victim must load the malicious page. This vulnerability affects applications using the html/template package to generate such meta tags.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1851

SB2026041135 - openEuler 24.03 LTS SP3 update for golang

Breakdown by Severity

Description

Remediation

References

Please verify you're human