The HTML parser did not properly handle multiple duplicate attributes, causing
the parser to misparse certain HTML trees. This can cause XSS when rendering
parsed HTML.
Thanks to ensy for reporting this issue.
This is CVE-2026-27136 and Go issue https://go.dev/issue/79575.
This was a PRIVATE track issue, tracked in http://b/482232950.
The HTML parser did not properly handle multiple duplicate attributes, causing
the parser to misparse certain HTML trees. This can cause XSS when rendering
parsed HTML.
Thanks to ensy for reporting this issue.
This is CVE-2026-27136 and Go issue https://go.dev/issue/79575.
This was a PRIVATE track issue, tracked in http://b/482232950.