CVE-2026-42504

Description

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

Affected packages (1)

• Go/stdlibfrom 0, < 1.25.11, >= 1.26.0-0, < 1.26.4

References (3)

• PATCHhttps://go.dev/cl/774481
• REPORThttps://go.dev/issue/79217
• WEBhttps://groups.google.com/g/golang-announce/c/tKs3rmcBcKw