CVE-2026-46601
Panic on VP8 alpha channel size mismatch in x/image/webp in golang.org/x/image
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.
Affected products
golang.org/x/image · golang.org/x/image/webpWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →