This page collects WhisperX intelligence signals tagged #CVE-2026-39826. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security bypass has been disclosed in Go's `html/template` package that enables cross-site scripting through dynamic content injection into `<script>` blocks. The vulnerability exploits how the escaper handles non-standard `type` attribute values, specifically empty strings, whitespace, and tab characters. A...
A logic error in Go's `html/template` package allows certain inputs to circumvent context-aware escaping protections, enabling cross-site scripting attacks against web applications that rely on the standard library for safe HTML rendering. The vulnerability, officially cataloged as CVE-2026-39826 and tracked under iden...