CVE-2026-27142

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions AWS Lambda (affected versions not specified)

Description Actions that insert URLs into the content attribute of HTML meta tags are not properly escaped. This can lead to cross-site scripting (XSS) if the meta tag also includes an http-equiv attribute set to "refresh". A new GODEBUG setting,

htmlmetacontenturlescape

, has been introduced to control URL escaping in actions within the meta content attribute following "url=". Disabling URL escaping can be achieved by setting

htmlmetacontenturlescape

to 0. The issue impacts stdlib in 27 Lambda base images.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-27142

GO-2026-4603

OPENSUSE-SU-2026:10299-1

Affected Products

Aws-Lambda

Stdlib

CVE-2026-27142

Related Identifiers

Affected Products

References · 19