cbcvebase.
CVE-2026-27141
published 2026-02-26

CVE-2026-27141: Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.50%
39.0th percentile
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debiangolang-golang-x-net
github.comtraefik_traefik_v2>= 0 < 2.11.402.11.40
github.comtraefik_traefik_v3>= 0 < 3.6.103.6.10
golang.orgx_net>= 0.50.0 < 0.51.00.51.0
golang.orgx_net_golang.org_x_net_http2>= 0.50.0 < 0.51.00.51.0
msrcazl3_application-gateway-kubernetes-ingress_1.7.7-3
msrcazl3_azcopy_10.25.1-4
msrcazl3_azurelinux-image-tools_1.2.0-1
msrcazl3_cert-manager_1.12.15-6
msrcazl3_cf-cli_8.7.11-5
msrcazl3_cloud-provider-kubevirt_0.5.1-3
msrcazl3_containerd2_2.0.0-18
msrcazl3_containerized-data-importer_1.62.0-2
msrcazl3_coredns_1.11.4-14
msrcazl3_cri-tools_1.32.0-4
msrcazl3_docker-buildx_0.14.0-10
msrcazl3_docker-cli_25.0.7-2
msrcazl3_docker-compose_2.27.0-8
msrcazl3_etcd_3.5.21-1
msrcazl3_flannel_0.24.2-24
msrcazl3_gh_2.62.0-13
msrcazl3_git-lfs_3.6.1-2
msrcazl3_influxdb_2.7.5-13
msrcazl3_jx_3.10.182-3
msrcazl3_kata-containers_3.19.1.kata2-6

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH
vendor_debian7.5LOW
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.