CVE-2026-25680: Go net/html DoS Vulnerability on Azure

🟠 High | Source: Microsoft Security Response Center

CVE-2026-25680 is a denial-of-service vulnerability in the Go standard library package golang.org/x/net/html, triggered by parsing maliciously crafted HTML. An attacker could exploit this to crash or hang services that process arbitrary HTML input. This is particularly relevant to Azure-hosted Go applications and any managed services or pipelines built on the affected package.

Security Architect’s Take: Audit your Azure workloads and container images for any Go applications that import golang.org/x/net/html and process untrusted HTML input; patch to the fixed version of golang.org/x/net immediately and enforce dependency scanning in your CI/CD pipelines to catch similar library-level issues going forward. ...

18 June 2025 · ZX Cloud Security
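One way to start the audit recommended above is sketched below. This is an added example, not code from the advisory or from the Go project. It flags Go source that imports golang.org/x/net/html and reads the pinned golang.org/x/net version out of go.mod text so it can be compared with the fixed version named in the vendor advisory. The function names and sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
	"strings"
)

const target = "golang.org/x/net/html" // import path named in the advisory

// ImportsTarget reports whether Go source src imports the target package
// or one of its subpackages (for example golang.org/x/net/html/atom).
func ImportsTarget(src string) (bool, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "src.go", src, parser.ImportsOnly)
	if err != nil {
		return false, err
	}
	for _, imp := range f.Imports {
		path, err := strconv.Unquote(imp.Path.Value)
		if err != nil {
			return false, err
		}
		if path == target || strings.HasPrefix(path, target+"/") {
			return true, nil
		}
	}
	return false, nil
}

// XNetVersion returns the golang.org/x/net version required in go.mod text,
// or "" if absent. It handles single-line and block "require" forms.
func XNetVersion(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == "golang.org/x/net" {
			return f[1]
		}
	}
	return ""
}

func main() {
	// Constructed sample inputs, not taken from any real project.
	src := "package scraper\n\nimport (\n\t\"os\"\n\thtml \"golang.org/x/net/html\"\n)\n"
	mod := "module example.test/scraper\n\ngo 1.22\n\nrequire (\n\tgolang.org/x/net v0.30.0 // indirect\n)\n"
	hit, err := ImportsTarget(src)
	fmt.Println("imports x/net/html:", hit, err)
	fmt.Println("x/net version:", XNetVersion(mod))
}
```

The source check only sees direct imports in the files it is given. For compiled binaries inside container images, `go version -m <binary>` lists the embedded module versions, including transitive ones.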
