{"id":"GO-2026-4441","summary":"Infinite parsing loop in golang.org/x/net","details":"The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.","aliases":["CVE-2025-58190"],"modified":"2026-02-10T11:58:49.537868Z","published":"2026-02-05T17:23:17Z","related":["CGA-676m-cmwh-7rgc"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4441"},"references":[{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"},{"type":"REPORT","url":"https://github.com/golang/vulndb/issues/4441"},{"type":"FIX","url":"https://go.dev/cl/709875"}],"affected":[{"package":{"name":"golang.org/x/net","ecosystem":"Go","purl":"pkg:golang/golang.org/x/net"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.45.0"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/net/html","symbols":["Parse","ParseFragment","ParseFragmentWithOptions","ParseWithOptions","inRowIM"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4441.json"}}],"schema_version":"1.7.3","credits":[{"name":"Guido Vranken"}]}