Go url.Parse Accepts Some Invalid URLs
DEBIAN-CVE-2026-25679
Summary
Go's url.Parse insufficiently validated the host/authority component of a URL and accepted some invalid URLs. This entry tracks the issue in Debian's golang packages. To fix, update to the fixed package versions listed below.
What to do
- Update Debian golang-1.25 to version 1.25.8-1.
- Update Debian golang-1.26 to version 1.26.1-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | golang-1.15 | All versions | – |
| debian | golang-1.19 | All versions | – |
| debian | golang-1.24 | All versions | – |
| debian | golang-1.25 | <= 1.25.8-1 | 1.25.8-1 |
| debian | golang-1.26 | <= 1.26.1-1 | 1.26.1-1 |
Original title
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
Original description
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
- https://security-tracker.debian.org/tracker/CVE-2026-25679 Vendor Advisory
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026