Double-free CVE-2026-33811 via LookupCNAME in Go net (<=1.26.2)
CVE-2026-33811 Published on May 7, 2026
Crash when handling long CNAME response in net
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
Vulnerability Analysis
CVE-2026-33811 can be exploited with network access, and requires neither privileges nor user interaction. It is considered to have a low attack complexity. A successful exploit is considered to have no impact on confidentiality or integrity, and a high impact on availability.
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH
Weakness Type
CWE-1341
Products Associated with CVE-2026-33811
Affected Versions
Go standard library net:
- Before 1.25.10 is affected.
- Version 1.26.0-0 and below 1.26.3 is affected.
Red Hat Hardened Images:
Red Hat OpenShift Service Mesh 3.0:
Red Hat OpenShift Service Mesh 3.1:
Red Hat OpenShift Service Mesh 3.2:
Red Hat OpenShift Service Mesh 3.3:
Assisted Installer for Red Hat OpenShift Container Platform 2:
Builds for Red Hat OpenShift:
cert-manager Operator for Red Hat OpenShift:
Red Hat Compliance Operator:
Red Hat Confidential Compute Attestation:
Red Hat Cryostat 4:
Custom Metric Autoscaler operator for Red Hat Openshift:
Red Hat Deployment Validation Operator:
External Secrets Operator for Red Hat OpenShift:
Red Hat Fence Agents Remediation Operator:
Red Hat File Integrity Operator:
Red Hat Gatekeeper 3:
Logging Subsystem for Red Hat OpenShift:
Red Hat Logical Volume Manager Storage:
Red Hat Machine Deletion Remediation Operator:
Red Hat Migration Toolkit for Applications 8:
Red Hat Migration Toolkit for Containers:
mirror registry for Red Hat OpenShift:
mirror registry for Red Hat OpenShift 2:
Red Hat Multiarch Tuning Operator:
Red Hat Multicluster Engine for Kubernetes:
Red Hat Multicluster Global Hub:
Red Hat Network Observability Operator:
Red Hat Node HealthCheck Operator:
Red Hat OpenShift API for Data Protection:
Red Hat OpenShift Developer Tools and Services:
Red Hat OpenShift Lightspeed:
Red Hat OpenShift Pipelines:
Red Hat OpenShift Serverless:
Red Hat OpenShift Source-to-Image (S2I):
Power monitoring for Red Hat OpenShift:
Red Hat Advanced Cluster Management for Kubernetes 2:
Red Hat Advanced Cluster Security 4:
Red Hat Ansible Automation Platform 2:
Red Hat build of Apicurio Registry 2:
Red Hat Ceph Storage 5:
Red Hat Ceph Storage 6:
Red Hat Ceph Storage 9:
Red Hat Certification Program for Red Hat Enterprise Linux 9:
Red Hat Connectivity Link 1:
Red Hat Developer Hub:
Red Hat Edge Manager 1:
Red Hat Enterprise Linux 10:
Red Hat Enterprise Linux 7:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 9:
Red Hat Enterprise Linux AI (RHEL AI) 3:
Red Hat Lightspeed for Runtimes Operator:
Red Hat OpenShift AI (RHOAI):
Red Hat OpenShift Cluster Manager CLI:
Red Hat OpenShift Container Platform 4:
Red Hat Openshift Data Foundation 4:
Red Hat OpenShift Dev Spaces:
Red Hat OpenShift Dev Workspaces Operator:
Red Hat OpenShift distributed tracing 3:
Red Hat OpenShift for Windows Containers:
Red Hat OpenShift GitOps:
Red Hat OpenShift on AWS:
Red Hat OpenShift Virtualization 4:
Red Hat OpenStack Platform 16.2:
Red Hat OpenStack Platform 17.1:
Red Hat OpenStack Platform 18.0:
Red Hat Quay 3:
Red Hat Satellite 6:
Red Hat Service Interconnect 1:
Red Hat Service Interconnect 2:
Red Hat Trusted Artifact Signer:
Red Hat Web Terminal:
Red Hat Security Profiles Operator:
Red Hat Service Telemetry Framework 1.5:
Red Hat streams for Apache Kafka 3:
Red Hat Zero Trust Workload Identity Manager:
Red Hat Zero Trust Workload Identity Manager - Tech Preview:
Red Hat OpenShift Service Mesh 2:
Red Hat OpenShift Service Mesh 3:
Red Hat 3scale API Management Platform 2:
Red Hat AMQ Clients:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.