Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

go

Source -

NVDADPCNA

CNA CVEs -

2

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

170
Related CVEsRelated VendorsRelated AssignersReports
173Vulnerabilities found

CVE-2026-45325
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.27% / 18.45%
||
7 Day CHG~0.00%
Published-16 Jul, 2026 | 16:41
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gestor de Oferta: Prototype pollution in @tmlmobilidade/utils setValueAtPath

Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/utils/src/generic/value-at-path.ts because unsafe path segments are not blocked. This issue is fixed in version 20260509.0340.15.

Action-Not Available
Vendor-tmlmobilidade
Product-go
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-42505
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 33.45%
||
7 Day CHG-0.01%
Published-08 Jul, 2026 | 15:46
Updated-13 Jul, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2026-39822
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.8||HIGH
EPSS-0.18% / 8.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 15:46
Updated-13 Jul, 2026 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Root escape via symlink plus trailing slash in os

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2023-54365
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

Action-Not Available
Vendor-traefikTraefikRed Hat, Inc.Go
Product-traefikopenshift_aigoTraefikRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-39820
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.94%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsRed Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat Developer Hub 1.10Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Lightspeed for Runtimes OperatorMulticluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-42501
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.23% / 13.85%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-13 May, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module's dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running "rm go.sum ; go mod tidy ; go mod verify", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/go
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33811
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.92%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonetRed Hat OpenShift GitOps 1.21Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorRed Hat Connectivity Link 1Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessRed Hat Ceph Storage 9Compliance OperatorOpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat OpenShift Dev SpacesRed Hat AMQ ClientsLogical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CVE-2026-42499
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.41%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsRed Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat Developer Hub 1.10Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Lightspeed for Runtimes OperatorMulticluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1046
Creation of Immutable Text Using String Concatenation
CVE-2026-33814
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.87%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-15 Jul, 2026 | 02:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Action-Not Available
Vendor-Go standard librarygolang.org/x/netRed Hat, Inc.Go
Product-http2gonet/httpgolang.org/x/net/http2OpenShift Service Mesh 2Red Hat OpenShift Service Mesh 3.1Red Hat Enterprise Linux 10OpenShift API for Data ProtectionMulticluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Service Mesh 3.3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Service Mesh 3.2Red Hat Enterprise Linux 8Red Hat OpenShift Service Mesh 3Red Hat OpenShift Virtualization 4Cluster Observability Operator 1.5.0Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-32280
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.47%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Cryostat 4 on RHEL 9Red Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Red Hat Quay 3.16Red Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsmulticluster engine for Kubernetes 2.17Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Custom Metric Autoscaler 2.19Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8RHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmulticluster engine for Kubernetes 2.8mirror registry for Red Hat OpenShiftRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference ServerNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Virtualization 4HawtIO HawtIO 4.4.0Red Hat OpenStack Services on OpenShift 18.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4streams for Apache Kafka 3Red Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.10Red Hat Enterprise Linux 7Red Hat OpenShift Dev Spaces 3.28Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat OpenShift Dev Workspaces OperatorRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Quay 3.17OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4multicluster engine for Kubernetes 2.11Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Multicluster Global Hub 1.6.2Logical Volume Manager Storagemirror registry for Red Hat OpenShift 2.0Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Multicluster Global Hub 1.4.5
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-32281
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-27140
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/goRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsOpenShift Service Mesh 2Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportOpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-641
Improper Restriction of Names for Files and Other Resources
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32283
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.79%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/tlsCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat JBoss Web Server 6Red Hat Developer HubRed Hat Connectivity Link 1Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerRed Hat Web Terminalstreams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Custom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat AMQ Broker 7Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRHEM 1.1 for RHEL 10Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationRed Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 9.4 Extended Update SupportMulticluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Red Hat AI Inference ServerLogical Volume Manager StorageFence Agents Remediation OperatorRed Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Multicluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-764
Multiple Locks of a Critical Resource
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-32288
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

Action-Not Available
Vendor-Go standard libraryGo
Product-goarchive/tar
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-27143
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 41.58%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/compile
CVE-2026-27144
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.65%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/compile
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-33810
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.24%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Cryostat 4 on RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat Developer HubRed Hat Connectivity Link 1Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenShift Dev Spaces 3.28Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat OpenShift Builds 1.7.4Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Enterprise Linux 9.4 Extended Update SupportMulticluster Global Hub 1.6.2Red Hat AI Inference ServerLogical Volume Manager StorageRed Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.4OpenShift API for Data Protection 1.5Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersHawtIO HawtIO 4.4.0Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-32289
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JsBraceDepth Context Tracking Bugs (XSS) in html/template

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

Action-Not Available
Vendor-Go standard libraryGo
Product-gohtml/template
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-32282
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 21.10%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

Action-Not Available
Vendor-Go standard libraryGo
Product-gointernal/syscall/unix
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-27142
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 24.91%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.

Action-Not Available
Vendor-Go standard libraryGo
Product-gohtml/template
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27139
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-2.5||LOW
EPSS-0.20% / 10.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-25679
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.08%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Custom Metric Autoscaler 2.19Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportNode HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8RHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4Red Hat Satellite 6.19 for RHEL 9Red Hat Advanced Cluster Management for Kubernetes 2.15ExternalDNS OperatorRed Hat Enterprise Linux AI 3.3OpenShift PipelinesSecurity Profiles OperatorRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmirror registry for Red Hat OpenShiftRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Red Hat OpenShift Virtualization 4Red Hat OpenStack Services on OpenShift 18.0Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionsstreams for Apache Kafka 3Red Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftRed Hat Enterprise Linux 7Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Ansible Automation Platform 2.5 for RHEL 9OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Satellite 6.18Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux 8.2 Advanced Update Supportmirror registry for Red Hat OpenShift 2.0Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Multicluster Global Hub 1.4.5
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-27138
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.9||MEDIUM
EPSS-0.35% / 27.25%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-27137
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.05%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18mirror registry for Red Hat OpenShift 2Service Telemetry Framework 1.5Red Hat Developer HubRed Hat Connectivity Link 1Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift GitOps 1.20Logging Subsystem for Red Hat OpenShift 6.2Compliance OperatorRed Hat Advanced Cluster Security 4OpenShift ServerlessMigration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat OpenShift Builds 1.7.4DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Satellite 6.18OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-66630
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.47% / 37.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 18:04
Updated-28 Feb, 2026 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

Action-Not Available
Vendor-gofibergofiberGo
Product-fibergofiber
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2025-68121
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.77% / 51.34%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 17:48
Updated-29 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-61732
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-8.6||HIGH
EPSS-0.47% / 37.81%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 03:42
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/cgoRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.2Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat OpenShift Service Mesh 2.6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat OpenShift Service Mesh 3Red Hat OpenShift Virtualization 4Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.16Red Hat Hardened Images
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-22873
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-3.8||LOW
EPSS-0.24% / 14.76%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 23:05
Updated-10 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-61728
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.72%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-06 Feb, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive CPU consumption when building archive index in archive/zip

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Action-Not Available
Vendor-Go standard libraryGo
Product-goarchive/zip
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-61726
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.92%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-17 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorRed Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Satellite 6.18 for RHEL 9Red Hat OpenShift distributed tracing 3Red Hat Enterprise Linux 8Red Hat OpenShift GitOps 1.17Red Hat Quay 3.14Migration Toolkit for Applications 8Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25OpenShift Developer Tools and Services 1.6.2Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Ceph Storage 5Zero Trust Workload Identity Manager 1OpenShift PipelinesFile Integrity OperatorRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Openshift Data Foundation 4.19Red Hat Trusted Artifact Signer 1.3Red Hat Web Terminal 1.11Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Ceph Storage 8Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmulticluster engine for Kubernetes 2.8mirror registry for Red Hat OpenShiftRed Hat OpenShift Dev SpacesRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat OpenShift AI 2.16Red Hat Quay 3.9Red Hat Service Interconnect 1OpenShift API for Data Protection 1.4Cert Manager support for Red Hat OpenShift release 1.17Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Cryostat 4Red Hat OpenShift Virtualization 4HawtIO HawtIO 4.4.0Red Hat OpenStack Services on OpenShift 18.0Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Logging Subsystem for Red Hat OpenShift 6.3Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18Red Hat Ceph Storage 7external secrets operator for Red Hat OpenShift 1.0Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle Supportcert-manager Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Red Hat Enterprise Linux 7Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat OpenShift AI 3.3Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Ansible Automation Platform 2.5 for RHEL 9OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Satellite 6.18OpenShift API for Data ProtectionRed Hat Certification Program for Red Hat Enterprise Linux 9Streams for Apache Kafka 3.2.0Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux 8.2 Advanced Update Supportmirror registry for Red Hat OpenShift 2.0Node Maintenance OperatorRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9.6 Extended Update Supportmulticluster engine for Kubernetes 2.7HawtIO HawtIO 4.3.1OpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftMulticluster Global Hub 1.4.5
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-61730
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.52%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-03 Feb, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CVE-2025-61731
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.36%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file write using cgo pkg-config directive in cmd/go

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/goRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.2Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.14Red Hat OpenShift Service Mesh 2.6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat OpenShift Service Mesh 3Red Hat OpenShift Virtualization 4Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.16Red Hat Hardened Images
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-68119
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7||HIGH
EPSS-0.34% / 25.74%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/go
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-68120
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 33.90%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 23:46
Updated-06 Jan, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected untrusted code execution in github.com/golang/vscode-go

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Action-Not Available
Vendor-github.com/golang/vscode-goGo
Product-gogithub.com/golang/vscode-go
CVE-2025-61727
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 19.38%
||
7 Day CHG~0.00%
Published-03 Dec, 2025 | 19:37
Updated-18 Dec, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-61729
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.95%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 18:54
Updated-19 Dec, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-61724
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.05%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

Action-Not Available
Vendor-Go standard libraryGo
Product-gonet/textproto
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58188
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.40%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panic when validating certificates with DSA public keys in crypto/x509

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-58185
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.05%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-06 Feb, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

Action-Not Available
Vendor-Go standard libraryGo
Product-goencoding/asn1
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-47912
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 35.86%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient validation of bracketed IPv6 hostnames in net/url

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

Action-Not Available
Vendor-Go standard libraryGo
Product-gonet/url
CVE-2025-61723
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.00%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

Action-Not Available
Vendor-Go standard libraryGo
Product-goencoding/pem
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58189
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 35.86%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-58187
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.72%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 22:10
Updated-29 Jan, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic complexity when checking name constraints in crypto/x509

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2025-47906
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 38.86%
||
7 Day CHG~0.00%
Published-18 Sep, 2025 | 18:41
Updated-27 Jan, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected paths returned from LookPath in os/exec

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos/exec
CVE-2025-47907
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7||HIGH
EPSS-0.36% / 27.82%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 15:25
Updated-29 Jan, 2026 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect results returned from Rows.Scan in database/sql

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Action-Not Available
Vendor-Go standard libraryGo
Product-godatabase/sql
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-4674
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-8.6||HIGH
EPSS-0.27% / 19.29%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 21:19
Updated-29 Jan, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/go
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-0913
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 15.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 17:17
Updated-08 Aug, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Action-Not Available
Vendor-Go standard libraryMicrosoft CorporationGo
Product-gowindowssyscallos
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-24789
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 36.12%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 15:13
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mishandling of corrupt central directory record in archive/zip

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Action-Not Available
Vendor-Go standard libraryGo
Product-goarchive/zipgo
CVE-2024-24790
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 78.00%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 15:13
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Action-Not Available
Vendor-Go standard libraryGo
Product-gonet/netipgo
CVE-2024-24787
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.4||MEDIUM
EPSS-0.76% / 51.16%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary code execution during build on Darwin in cmd/go

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Action-Not Available
Vendor-Go toolchainGo
Product-cmd/gogo
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next