High CPU Overuse via Invalid MIME Header in Go mime before 1.25.11/1.26.4
CVE-2026-42504 Published on June 2, 2026

Quadratic complexity in WordDecoder.DecodeHeader in mime
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

NVD

Products Associated with CVE-2026-42504

Want to know whenever a new CVE is published for GoLang Go? stack.watch will email you.

GoLang Go

Affected Versions

Go standard library mime:

Before 1.25.11 is affected.
Version 1.26.0-0 and below 1.26.4 is affected.

High CPU Overuse via Invalid MIME Header in Go mime before 1.25.11/1.26.4CVE-2026-42504 Published on June 2, 2026

Products Associated with CVE-2026-42504

Affected Versions

High CPU Overuse via Invalid MIME Header in Go mime before 1.25.11/1.26.4
CVE-2026-42504 Published on June 2, 2026