PT-2026-38565 · Go+8 · Go+79

Samy Ghannad

Published

2026-04-23

Updated

2026-05-21

CVE-2026-39823

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description URLs are not correctly escaped within the content attribute of a <meta> tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to process it correctly, which can lead to Cross-Site Scripting (XSS), a technique where malicious scripts are injected into trusted websites.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2026-07954

BIT-GOLANG-2026-39823

CLEANSTART-2026-AN32474

CLEANSTART-2026-AP95632

CLEANSTART-2026-AQ65185

CLEANSTART-2026-AY89602

CLEANSTART-2026-BD19566

CLEANSTART-2026-BG69533

CLEANSTART-2026-BN09969

CLEANSTART-2026-BN28456

CLEANSTART-2026-BR79647

CLEANSTART-2026-BS27946

CLEANSTART-2026-CD71342

CLEANSTART-2026-CD91667

CLEANSTART-2026-CF88804

CLEANSTART-2026-CH40794

CLEANSTART-2026-CK61704

CLEANSTART-2026-CR00119

CLEANSTART-2026-DA99134

CLEANSTART-2026-DH72490

CLEANSTART-2026-DM19620

CLEANSTART-2026-EI06494

CLEANSTART-2026-FC24138

CLEANSTART-2026-GB02436

CLEANSTART-2026-GB36430

CLEANSTART-2026-GB83728

CLEANSTART-2026-GE45898

CLEANSTART-2026-GJ69402

CLEANSTART-2026-GQ00159

CLEANSTART-2026-GR41888

CLEANSTART-2026-GU95761

CLEANSTART-2026-GY76045

CLEANSTART-2026-GZ35045

CLEANSTART-2026-HJ72983

CLEANSTART-2026-HM31566

CLEANSTART-2026-IP78312

CLEANSTART-2026-IW91368

CLEANSTART-2026-JO51351

CLEANSTART-2026-JQ70227

CLEANSTART-2026-KA21986

CLEANSTART-2026-KD85000

CLEANSTART-2026-KL61187

CLEANSTART-2026-KO66630

CLEANSTART-2026-LA67881

CLEANSTART-2026-LG79681

CLEANSTART-2026-LI56163

CLEANSTART-2026-LN66182

CLEANSTART-2026-MI82983

CLEANSTART-2026-MJ60235

CLEANSTART-2026-MK07381

CLEANSTART-2026-ML42911

CLEANSTART-2026-MR50866

CLEANSTART-2026-MV81821

CLEANSTART-2026-MX15076

CLEANSTART-2026-MX56097

CLEANSTART-2026-NT10973

CLEANSTART-2026-OB67529

CLEANSTART-2026-OD56729

CLEANSTART-2026-OF37807

CLEANSTART-2026-OH43332

CLEANSTART-2026-OR40192

CLEANSTART-2026-OX06093

CLEANSTART-2026-OX51942

CLEANSTART-2026-PB32291

CLEANSTART-2026-PK19530

CLEANSTART-2026-PL75416

CLEANSTART-2026-PV53006

CLEANSTART-2026-PX23055

CLEANSTART-2026-QL45485

CLEANSTART-2026-QO29688

CLEANSTART-2026-QO30809

CLEANSTART-2026-QP84300

CLEANSTART-2026-QR52625

CLEANSTART-2026-QS87161

CLEANSTART-2026-QU88766

CLEANSTART-2026-RD75979

CLEANSTART-2026-RX06063

CLEANSTART-2026-RZ44006

CLEANSTART-2026-RZ88142

CLEANSTART-2026-SE34232

CLEANSTART-2026-SE90004

CLEANSTART-2026-SL86558

CLEANSTART-2026-TD06078

CLEANSTART-2026-TD94714

CLEANSTART-2026-TH33219

CLEANSTART-2026-TK06108

CLEANSTART-2026-TL66481

CLEANSTART-2026-UF28691

CLEANSTART-2026-UY49411

CLEANSTART-2026-VJ54611

CLEANSTART-2026-VU08393

CLEANSTART-2026-VW96633

CLEANSTART-2026-WB86581

CVE-2026-39823

GO-2026-4982

OPENSUSE-SU-2026:10723-1

OPENSUSE-SU-2026:10741-1

Affected Products

Aws-Privateca-Issuer

Aws-Privateca-Issuer-Fips

Cert-Manager

Cert-Manager-Cmctl-Fips

Cert-Manager-Webhook-Pdns-Fips

Cilium

Cloudnative-Pg-Fips

Configmap-Reload

Confluent-Cp-Docker-Utils

Confluent-Kafka

Druid-Exporter-Fips

Elastic-Beats

Go1.25

Go1.26

Golang

Golang-1.10

Golang-1.13

Golang-1.14

Golang-1.15

Golang-1.16

Golang-1.17

Golang-1.18

Golang-1.19

Golang-1.20

Golang-1.21

Golang-1.22

Golang-1.23

Golang-1.24

Golang-1.25

Golang-1.26

Golang-1.6

Golang-1.8

Golang-1.9

Gptscript

Html/Template

Ingress-Nginx-Controller-1.15

K8Ssandra-Client-Fips

Karpenter

Karpenter-Fips

Keda

Keda-Fips

Kubernetes Dashboard

Kubernetes-Dashboard-Fips

Kubernetes-Dashboard-Web

Kubernetes-Dns-Node-Cache

Kubernetes-Fips

Kyverno-Fips

Linkerd2

Mailpit

Metacontroller

Minio-Operator-Fips

Modelmesh-Runtime-Adapter

Mongodb

Opensearch-K8S-Operator-Fips

Percona-Xtradb-Cluster-Operator-Fips

Prometheus

Prometheus-Mysqld-Exporter

Prometheus-Operator

Prometheus-Redis-Exporter-Fips

Rabbitmq-Cluster-Operator

Rabbitmq-Messaging-Topology-Operator

Rclone

Restic-Fips

Sealed-Secrets

Spark-Operator

Stdlib

Terragrunt-Fips

Velero

Velero-Fips

Velero-Plugin-For-Gcp-Fips

Velero-Plugin-For-Microsoft-Azure-Fips

Wave

Wave-Fips

Weaviate

Weaviate-Fips

Yunikorn-K8Shim

Yunikorn-K8Shim-Fips

Yunikorn-Web-Fips

Zot

PT-2026-38565 · Go+8 · Go+79

CVE-2026-39823

Weakness Enumeration

Related Identifiers

Affected Products

References · 514