Skip to content

CVE-2026-39821 #48

Description

@opensourceways-bot

一、漏洞信息
漏洞编号:CVE-2026-39821
漏洞归属组件:net
漏洞归属分支:默认分支
漏洞归属的版本:v0.23.0
漏洞修复版本: 0.55.0
CVSS分值:
 BaseScore: 8.2 High
 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

漏洞简述:
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

漏洞公开时间:2026-05-22 16:16:20
漏洞创建时间:2026-06-24 02:58:27
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2026-39821

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions