CVE-2026-33814 | http2-net-http up to 0.52.x on Go SETTINGS_MAX_FRAME_SIZE infinite loop

A vulnerability labeled as problematic has been found in http2-net-http up to 0.52.x on Go. This affects an unknown function. Such manipulation of the argument SETTINGS_MAX_FRAME_SIZE leads to infinite loop.

This vulnerability is uniquely identified as CVE-2026-33814. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More