Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
HTTP/2 Server Crashes when Receiving Invalid Frames
UBUNTU-CVE-2026-27141
Summary
A bug in a web server may cause it to stop working when receiving certain types of HTTP/2 data. This could lead to a server outage, making it unavailable to users. To fix this issue, update the server software to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | golang-golang-x-net-dev | All versions | – |
| canonical | juju-core | All versions | – |
| canonical | lxd | All versions | – |
| canonical | containerd | All versions | – |
| canonical | google-guest-agent | All versions | – |
| canonical | lxd | All versions | – |
| canonical | containerd | All versions | – |
| canonical | golang-golang-x-net-dev | All versions | – |
| canonical | google-guest-agent | All versions | – |
| canonical | adsys | All versions | – |
| canonical | containerd | All versions | – |
| canonical | google-guest-agent | All versions | – |
| canonical | golang-golang-x-net-dev | All versions | – |
| canonical | lxd | All versions | – |
| canonical | adsys | All versions | – |
| canonical | containerd | All versions | – |
| canonical | google-guest-agent | All versions | – |
| canonical | adsys | All versions | – |
| canonical | google-guest-agent | All versions | – |
| canonical | containerd | All versions | – |
| canonical | adsys | All versions | – |
| canonical | containerd | All versions | – |
| canonical | google-guest-agent | All versions | – |
Original title
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
Original description
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
osv CVSS3.1
7.5
- https://ubuntu.com/security/CVE-2026-27141 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-27141 Third Party Advisory
- https://github.com/golang/go/issues/77652 Third Party Advisory
- https://go.dev/cl/746180 Third Party Advisory
- https://go.dev/issue/77652 Third Party Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27141 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-4559 Third Party Advisory
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026