Go net/url Host Validation Flaw in Parse (v<1.25.8, <1.26.1)
CVE-2026-25679 Published on March 6, 2026

Incorrect parsing of IPv6 host literals in net/url
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

NVD

Vulnerability Analysis

CVE-2026-25679 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality or integrity, and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Weakness Type

Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.


Products Associated with CVE-2026-25679


Affected Versions

Go standard library net/url
Red Hat Ansible Automation Platform 2.6 for RHEL 10
Red Hat Enterprise Linux Server (v. 7 ELS)
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Red Hat OpenShift Container Platform 4.12
Red Hat OpenShift Container Platform 4.13
Red Hat OpenShift Container Platform 4.16
Red Hat OpenShift Container Platform 4.18
Red Hat Satellite 6.16 for RHEL 8
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Red Hat Ansible Automation Platform 2.6 for RHEL 9
Red Hat Cryostat 4 on RHEL 9
Red Hat OpenStack Platform 17.1
Red Hat Satellite 6.16 for RHEL 9
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Red Hat Enterprise Linux AppStream (v. 10)
Red Hat Enterprise Linux AppStream (v. 8)
Red Hat Enterprise Linux AppStream AUS (v. 8.2)
Red Hat Enterprise Linux AppStream AUS (v.8.4)
Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Red Hat Enterprise Linux AppStream AUS (v.8.6)
Red Hat Enterprise Linux AppStream E4S (v.8.6)
Red Hat Enterprise Linux AppStream TUS (v.8.6)
Red Hat Enterprise Linux AppStream E4S (v.8.8)
Red Hat Enterprise Linux AppStream TUS (v.8.8)
Red Hat Enterprise Linux AppStream E4S (v.9.0)
Red Hat Enterprise Linux AppStream E4S (v.9.2)
Red Hat Enterprise Linux AppStream E4S (v.9.4)
Red Hat Enterprise Linux AppStream EUS (v.9.4)
Red Hat Enterprise Linux AppStream EUS (v.9.6)
Red Hat Enterprise Linux AppStream (v. 9)
Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Red Hat CodeReady Linux Builder EUS (v.9.4)
Red Hat CodeReady Linux Builder EUS (v.9.6)
Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)
Red Hat Custom Metric Autoscaler 2.19
Red Hat DevWorkspace Operator 0.4
Logging Subsystem for Red Hat OpenShift 6.0
Logging Subsystem for Red Hat OpenShift 6.2
Logging Subsystem for Red Hat OpenShift 6.4
Red Hat Multicluster Global Hub 1.3.4
Red Hat Multicluster Global Hub 1.4.5
Red Hat Multicluster Global Hub 1.5.4
Red Hat Multicluster Global Hub 1.6.2
Red Hat Network Observability (NETOBSERV) 1.11.2
Red Hat OpenShift API for Data Protection 1.4
Red Hat OpenShift API for Data Protection 1.5
Red Hat OpenShift Compliance Operator 1
Red Hat OpenShift File Integrity Operator - FIO 1
Red Hat Advanced Cluster Management for Kubernetes 2.14
Red Hat Advanced Cluster Management for Kubernetes 2.15
Red Hat Advanced Cluster Security for Kubernetes 4.10
Red Hat Advanced Cluster Security for Kubernetes 4.8
Red Hat Advanced Cluster Security for Kubernetes 4.9
Red Hat Ansible Automation Platform 2.6
Red Hat Developer Hub 1.8
Red Hat Developer Hub 1.9
Red Hat Enterprise Linux AI 3.3
Red Hat Hardened Images
Red Hat Lightspeed (formerly Insights) for Runtimes 1
Red Hat OpenShift AI 2.25
Red Hat OpenShift Builds 1.6.5
Red Hat OpenShift Builds 1.7.3
Red Hat OpenShift Container Platform 4.14
Red Hat OpenShift Container Platform 4.15
Red Hat OpenShift Container Platform 4.17
Red Hat OpenShift Container Platform 4.19
Red Hat OpenShift Container Platform 4.20
Red Hat OpenShift Dev Spaces 3.27
Red Hat OpenShift Service Mesh 2.6
Red Hat OpenShift Service Mesh 3.0
Red Hat OpenShift Service Mesh 3.1
Red Hat OpenShift Service Mesh 3.2
Red Hat OpenShift Service Mesh 3.3
Red Hat OpenShift distributed tracing 3.9.3
Red Hat OpenStack 1.5
Red Hat OpenStack Services on OpenShift 18
Red Hat Quay 3.12
Red Hat Quay 3.14
Red Hat Quay 3.15
Red Hat Quay 3.16
Red Hat Quay 3.1
Red Hat Quay 3.9
Red Hat Satellite 6.18
Red Hat Trusted Artifact Signer 1.3
Red Hat Update Infrastructure 5
Red Hat Web Terminal 1.11
Red Hat Web Terminal 1.12
Red Hat Web Terminal 1.13
Red Hat Web Terminal 1.14
Red Hat Web Terminal 1.15
mirror registry for Red Hat OpenShift 2.0
Assisted Installer for Red Hat OpenShift Container Platform 2
cert-manager Operator for Red Hat OpenShift
Red Hat Confidential Compute Attestation
Red Hat Deployment Validation Operator
External Secrets Operator for Red Hat OpenShift
Red Hat ExternalDNS Operator
Red Hat Fence Agents Remediation Operator
Red Hat Gatekeeper 3
Logging Subsystem for Red Hat OpenShift
Red Hat Logical Volume Manager Storage
Red Hat Machine Deletion Remediation Operator
Red Hat Migration Toolkit for Applications 8
Red Hat Migration Toolkit for Containers
mirror registry for Red Hat OpenShift
Red Hat Multicluster Engine for Kubernetes
Red Hat OpenShift Developer Tools and Services
Red Hat OpenShift Lightspeed
Red Hat OpenShift Pipelines
Red Hat OpenShift Serverless
Red Hat OpenShift Service Mesh 2
Red Hat 3scale API Management Platform 2
Red Hat Certification Program for Red Hat Enterprise Linux 9
Red Hat Connectivity Link 1
Red Hat Edge Manager 1
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat OpenShift Cluster Manager CLI
Red Hat OpenShift Container Platform 4
Red Hat Openshift Data Foundation 4
Red Hat OpenShift GitOps
Red Hat OpenShift on AWS
Red Hat OpenShift Virtualization 4
Red Hat OpenStack Platform 16.2
Red Hat OpenStack Platform 18.0
Red Hat Quay 3
Red Hat Satellite 6
Red Hat Service Interconnect 1
Red Hat Service Interconnect 2
Red Hat Security Profiles Operator
Red Hat streams for Apache Kafka 3
Red Hat Zero Trust Workload Identity Manager
Red Hat Zero Trust Workload Identity Manager - Tech Preview
Red Hat Node HealthCheck Operator
Power monitoring for Red Hat OpenShift
Red Hat AMQ Clients
Red Hat Ansible Automation Platform 2
Red Hat build of Apache Camel - HawtIO 4
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift for Windows Containers

Exploit Probability

EPSS: 0.52%
Percentile: 40.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.