CVE-2026-27141

Publication date 27 February 2026

Last updated 27 February 2026

Ubuntu priority

Why this priority?

Description

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
golang-golang-x-net	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
google-guest-agent	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
containerd	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
golang-golang-x-net-dev	25.10 questing	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
adsys	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
juju-core	25.10 questing	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	16.04 LTS xenial	Needs evaluation
lxd	25.10 questing	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Notes

octagalland

google-guest-agent, adsys, juju-core and lxd contain a vendored copy of golang-golang-x-net

mdeslaur

containerd contains a vendored copy of golang-golang-x-net

References

Other references