Vulnerability Summary: XML element instability in Go's encoding/xml package.

CVE ID: CVE-2020-29511
Weakness: CWE-115: Misinterpretation of Input
CVSS Rating: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Component: encoding/xml in Go
Affected Versions: All versions

Description: This vulnerability results from the handling of namespace prefixes on XML elements by Go's , leading to crafted markup mutating during round-trips through and . This can alter the namespace and local name of XML elements, impacting applications that rely on XML integrity.

Impact: Mutations during encoding round-trips can cause security-sensitive applications to make incorrect or conflicting decisions. For instance, a SAML implementation may interpret an unsigned part of a document as signed, leading to authentication bypass and privilege escalation.

Workaround: The module can detect unstable constructs in an XML document and prevent exploitation by failing early if an error is encountered.
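
A simplified round-trip stability check in the spirit of the workaround, added here as an example; it is not the module the advisory refers to and not code from the Go project. The names `reencode` and `CheckRoundTrip` and the sample document are constructed for this illustration, and the check compares element names only (not attributes or directives).

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"reflect"
)

// reencode records each element name as decoded, then re-emits the tokens via xml.Encoder.
func reencode(doc []byte) (names []xml.Name, _ []byte, _ error) {
	var buf bytes.Buffer
	dec, enc := xml.NewDecoder(bytes.NewReader(doc)), xml.NewEncoder(&buf)
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			err = enc.Flush()
			return names, buf.Bytes(), err
		} else if err != nil {
			return nil, nil, fmt.Errorf("decode: %w", err)
		}
		if se, ok := tok.(xml.StartElement); ok {
			names = append(names, se.Name)
		}
		if err := enc.EncodeToken(tok); err != nil {
			return nil, nil, fmt.Errorf("encode: %w", err)
		}
	}
}

// CheckRoundTrip fails closed unless element names survive decode, encode, decode unchanged.
func CheckRoundTrip(doc []byte) error {
	first, out, err := reencode(doc)
	if err != nil {
		return err
	}
	second, _, err := reencode(out)
	if err != nil {
		return fmt.Errorf("re-encoded document rejected: %w", err)
	}
	if len(first) == 0 || !reflect.DeepEqual(first, second) {
		return fmt.Errorf("element names unstable: %v became %v", first, second)
	}
	return nil
}

func main() { // the sample document is constructed for this example
	fmt.Println(CheckRoundTrip([]byte(`<p:R xmlns:p="urn:example"><p:S>ok</p:S></p:R>`)))
}
```

Call the check on the raw document bytes before any signature validation or other processing, and reject the document on any returned error.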