CVE-2026-46598
5.3 MEDIUMFor certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used
Published: 2026-05-22 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-129
Affected products
| Vendor | Product |
|---|---|
| golang | crypto |
Description
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-42506 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-42502 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-39821 — The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
- CVE-2026-27136 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-25681 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
Same CWE
- CVE-2026-45624 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
- CVE-2026-45359 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-24181 — NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation (7.3 HIGH)
- CVE-2026-25276 — Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
- CVE-2026-46163 — In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX pa... (7.8 HIGH)