CVE-2026-46597

Severity CVSS v4.0:
Pending analysis
Type:
CWE-704 Incorrect Type Conversion or Cast
Publication date:
22/05/2026
Last modified:
28/05/2026

Description

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:* 0.52.0 (excluding)