Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Go

BOS ID

-
BOSS-VENDOR-14765

Tags

-
N/A

Related Bos

-
Google LLC

Note

-

https://en.wikipedia.org/wiki/Go_(programming_language) https://github.com/golang https://go.dev/ https://go.dev/tos

Mapped CVEsMapped VendorsRelated AssignersReports
225Vulnerabilities found

CVE-2026-42505
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 33.45%
||
7 Day CHG-0.01%
Published-08 Jul, 2026 | 15:46
Updated-13 Jul, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2026-39822
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.8||HIGH
EPSS-0.18% / 8.05%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 15:46
Updated-13 Jul, 2026 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Root escape via symlink plus trailing slash in os

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-46604
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.35% / 26.83%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 20:22
Updated-01 Jul, 2026 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

Action-Not Available
Vendor-golang.org/x/imageGo
Product-tiffgolang.org/x/image/tiff
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-54365
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

Action-Not Available
Vendor-traefikTraefikRed Hat, Inc.Go
Product-traefikopenshift_aigoTraefikRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-25680
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.07%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-29 May, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

Action-Not Available
Vendor-golang.org/x/netGo
Product-netgolang.org/x/net/html
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-42502
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 7.50%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-29 May, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Action-Not Available
Vendor-golang.org/x/netGo
Product-netgolang.org/x/net/html
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2026-39821
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 38.18%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Action-Not Available
Vendor-golang.org/x/netRed Hat, Inc.Go
Product-netgolang.org/x/net/idnaZero Trust Workload Identity Manager - Tech PreviewMachine Deletion Remediation OperatorRed Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat Developer HubRed Hat Enterprise Linux AI 3.4Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Openshift Data Foundation 4.22Red Hat Web TerminalRed Hat OpenShift Service Mesh 2.6Red Hat OpenShift Container Platform 4.22streams for Apache Kafka 3Red Hat OpenShift Builds 1.8.1Red Hat 3scale API Management Platform 2DevWorkspace Operator 0.42Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability Operatormulticluster engine for Kubernetes 2.9Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessCompliance OperatorRed Hat Ceph Storage 9Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat OpenShift Dev Spaces 3.29Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Ceph Storage 8Cluster Observability Operator 1.5.0Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8Logical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Red Hat Quay 3.9Red Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CVE-2026-42506
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 8.57%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 15:01
Updated-29 May, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Action-Not Available
Vendor-golang.org/x/netGo
Product-netgolang.org/x/net/html
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-46598
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 23.39%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-28 May, 2026 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh/agent
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-46595
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-10||CRITICAL
EPSS-0.44% / 35.68%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Enterprise Linux AI 3.4Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute Attestationmulticluster engine for Kubernetes 2.8RHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenShift Dev Spaces 3.29Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42508
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.49% / 38.78%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/ssh/knownhostsRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat Openshift Data Foundation 4.22Red Hat Advanced Cluster Management for Kubernetes 2.11Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)RHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-39834
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 37.42%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-28 May, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-39831
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.37% / 29.60%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-02 Jun, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh
CWE ID-CWE-862
Missing Authorization
CVE-2026-39829
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.71%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.6cert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Red Hat OpenShift on AWSmulticluster engine for Kubernetes 2.9Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenShift Dev Spaces 3.29Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-39830
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 41.42%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2026-39827
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.53%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-26 May, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh
CWE ID-CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2026-39835
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.68%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsRed Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Confidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-39828
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 23.47%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/sshRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesSecurity Profiles OperatorZero Trust Workload Identity ManagerRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.6cert-manager Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)Red Hat OpenShift on AWSConfidential Compute AttestationRHEM 1.1 for RHEL 9Red Hat OpenShift Dev SpacesRed Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Cryostat 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift for Windows ContainersRed Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-46597
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-28 May, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2026-39832
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 40.99%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/ssh/agentRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesOpenShift PipelinesRed Hat Trusted Artifact Signer 1.3Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsRed Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)RHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Advanced Cluster Security 4Red Hat Ceph Storage 9Red Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat OpenShift Container Platform 4
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-39833
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.36% / 28.32%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-28 May, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.

Action-Not Available
Vendor-golang.org/x/cryptoGo
Product-cryptogolang.org/x/crypto/ssh/agent
CWE ID-CWE-862
Missing Authorization
CVE-2026-39820
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.94%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsRed Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat Developer Hub 1.10Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Lightspeed for Runtimes OperatorMulticluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-42501
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.23% / 13.85%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-13 May, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module's dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running "rm go.sum ; go mod tidy ; go mod verify", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/go
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33811
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.92%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonetRed Hat OpenShift GitOps 1.21Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Multiarch Tuning OperatorRed Hat Connectivity Link 1Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorZero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Web Terminalstreams for Apache Kafka 3Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Advanced Cluster Security for Kubernetes 4.11Red Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat OpenShift GitOps 1.20OpenShift ServerlessRed Hat Ceph Storage 9Compliance OperatorOpenShift Source-to-Image (S2I)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Edge Manager 1.1multicluster engine for Kubernetes 2.6Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat OpenShift Dev SpacesRed Hat AMQ ClientsLogical Volume Manager StorageFence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Lightspeed for Runtimes OperatorRed Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Multicluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CVE-2026-42499
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.41%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quadratic string concatenation in consumePhrase in net/mail

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/mailRed Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Multiarch Tuning OperatorRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift GitOpsRed Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRed Hat OpenStack Platform 18.0Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 9Red Hat OpenShift distributed tracing 3OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat Developer Hub 1.9Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenStack Platform 16.2Red Hat Ceph Storage 5OpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6Red Hat Developer Hub 1.10Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesLogical Volume Manager StorageRed Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Lightspeed for Runtimes OperatorMulticluster Global HubRed Hat Service Interconnect 1Red Hat OpenShift Service Mesh 3Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1046
Creation of Immutable Text Using String Concatenation
CVE-2026-33814
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.87%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 19:41
Updated-15 Jul, 2026 | 02:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Action-Not Available
Vendor-Go standard librarygolang.org/x/netRed Hat, Inc.Go
Product-http2gonet/httpgolang.org/x/net/http2OpenShift Service Mesh 2Red Hat OpenShift Service Mesh 3.1Red Hat Enterprise Linux 10OpenShift API for Data ProtectionMulticluster Engine for KubernetesRed Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Service Mesh 3.3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Openshift Data Foundation 4.22Red Hat OpenShift Service Mesh 3.2Red Hat Enterprise Linux 8Red Hat OpenShift Service Mesh 3Red Hat OpenShift Virtualization 4Cluster Observability Operator 1.5.0Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-606
Unchecked Input for Loop Condition
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-33812
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 1.62%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 19:21
Updated-13 May, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

Parsing a malicious font file can cause excessive memory allocation.

Action-Not Available
Vendor-golang.org/x/imageGo
Product-imagegolang.org/x/image/font/sfnt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-33813
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.28%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 19:21
Updated-25 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

Action-Not Available
Vendor-golang.org/x/imageGo
Product-imagegolang.org/x/image/webp
CVE-2026-32280
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.47%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Cryostat 4 on RHEL 9Red Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Red Hat Quay 3.16Red Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsmulticluster engine for Kubernetes 2.17Red Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Custom Metric Autoscaler 2.19Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8RHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmulticluster engine for Kubernetes 2.8mirror registry for Red Hat OpenShiftRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference ServerNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Virtualization 4HawtIO HawtIO 4.4.0Red Hat OpenStack Services on OpenShift 18.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4streams for Apache Kafka 3Red Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.10Red Hat Enterprise Linux 7Red Hat OpenShift Dev Spaces 3.28Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat OpenShift Dev Workspaces OperatorRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Quay 3.17OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4multicluster engine for Kubernetes 2.11Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Multicluster Global Hub 1.6.2Logical Volume Manager Storagemirror registry for Red Hat OpenShift 2.0Red Hat OpenShift Container Platform 4.19Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Multicluster Global Hub 1.4.5
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-32281
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-27140
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 47.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/goRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsOpenShift Service Mesh 2Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportOpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-641
Improper Restriction of Names for Files and Other Resources
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32283
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.79%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/tlsCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat JBoss Web Server 6Red Hat Developer HubRed Hat Connectivity Link 1Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerRed Hat Web Terminalstreams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWScert-manager Operator for Red Hat OpenShiftNetwork Observability OperatorRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Custom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat AMQ Broker 7Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift API for Data ProtectionOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Builds for Red Hat OpenShiftRHEM 1.1 for RHEL 10Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationRed Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 9.4 Extended Update SupportMulticluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Red Hat AI Inference ServerLogical Volume Manager StorageFence Agents Remediation OperatorRed Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Multicluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-764
Multiple Locks of a Critical Resource
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-32288
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 20.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

Action-Not Available
Vendor-Go standard libraryGo
Product-goarchive/tar
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-27143
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 41.58%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing bound checks can lead to memory corruption in safe Go in cmd/compile

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/compile
CVE-2026-27144
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.65%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Action-Not Available
Vendor-Go toolchainGo
Product-gocmd/compile
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-33810
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.24%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Cryostat 4 on RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat Developer HubRed Hat Connectivity Link 1Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenShift Dev Spaces 3.28Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Red Hat Edge Manager 1.0Power monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat OpenShift Builds 1.7.4Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorOpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Enterprise Linux 9.4 Extended Update SupportMulticluster Global Hub 1.6.2Red Hat AI Inference ServerLogical Volume Manager StorageRed Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.4OpenShift API for Data Protection 1.5Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersHawtIO HawtIO 4.4.0Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-32289
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JsBraceDepth Context Tracking Bugs (XSS) in html/template

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

Action-Not Available
Vendor-Go standard libraryGo
Product-gohtml/template
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-32282
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 21.10%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 01:06
Updated-16 Apr, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

Action-Not Available
Vendor-Go standard libraryGo
Product-gointernal/syscall/unix
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-33809
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 18:24
Updated-21 Apr, 2026 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

Action-Not Available
Vendor-golang.org/x/imageGo
Product-tiffgolang.org/x/image/tiff
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-27142
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 24.91%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.

Action-Not Available
Vendor-Go standard libraryGo
Product-gohtml/template
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27139
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-2.5||LOW
EPSS-0.20% / 10.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-25679
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.08%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect parsing of IPv6 host literals in net/url

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Red Hat Quay 3.16Multicluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Deployment Validation OperatorRed Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Custom Metric Autoscaler 2.19Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportNode HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Quay 3.14Migration Toolkit for Applications 8RHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4Red Hat Satellite 6.19 for RHEL 9Red Hat Advanced Cluster Management for Kubernetes 2.15ExternalDNS OperatorRed Hat Enterprise Linux AI 3.3OpenShift PipelinesSecurity Profiles OperatorRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmirror registry for Red Hat OpenShiftRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.16 for RHEL 9Red Hat Quay 3.9Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Service Interconnect 1OpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Red Hat OpenShift Virtualization 4Red Hat OpenStack Services on OpenShift 18.0Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenStack 1.5Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionsstreams for Apache Kafka 3Red Hat Enterprise Linux 7 Extended Lifecycle SupportExternal Secrets Operator for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftRed Hat Enterprise Linux 7Gatekeeper 3Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Ansible Automation Platform 2.5 for RHEL 9OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Satellite 6.18Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Edge Manager 1.1Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux 8.2 Advanced Update Supportmirror registry for Red Hat OpenShift 2.0Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Multicluster Global Hub 1.4.5
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-27138
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-5.9||MEDIUM
EPSS-0.35% / 27.25%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-21 Apr, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panic in name constraint checking for malformed certificates in crypto/x509

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/x509
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-27137
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.61% / 45.05%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:28
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18mirror registry for Red Hat OpenShift 2Service Telemetry Framework 1.5Red Hat Developer HubRed Hat Connectivity Link 1Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRHEM 1.1 for RHEL 9Red Hat Enterprise Linux 7Red Hat OpenStack Platform 18.0Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat OpenShift GitOps 1.20Logging Subsystem for Red Hat OpenShift 6.2Compliance OperatorRed Hat Advanced Cluster Security 4OpenShift ServerlessMigration Toolkit for Applications 8OpenShift LightspeedRHEM 1.0 for RHEL 9Power monitoring for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat OpenShift Builds 1.7.4DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Satellite 6.18OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3RHEM 1.1 for RHEL 10Red Hat Satellite 6Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat Enterprise Linux 9.6 Extended Update SupportOpenShift API for Data Protection 1.4Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4OpenShift API for Data Protection 1.5Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat OpenStack Services on OpenShift 18.0Custom Metric Autoscaler operator for Red Hat OpenshiftRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-66630
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-0.47% / 37.74%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 18:04
Updated-28 Feb, 2026 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

Action-Not Available
Vendor-gofibergofiberGo
Product-fibergofiber
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2025-68121
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.77% / 51.34%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 17:48
Updated-29 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Action-Not Available
Vendor-Go standard libraryGo
Product-gocrypto/tls
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-61732
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-8.6||HIGH
EPSS-0.47% / 37.81%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 03:42
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Action-Not Available
Vendor-Go toolchainRed Hat, Inc.Go
Product-gocmd/cgoRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.2Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat OpenShift Service Mesh 2.6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat OpenShift Service Mesh 3Red Hat OpenShift Virtualization 4Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.16Red Hat Hardened Images
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-22873
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-3.8||LOW
EPSS-0.24% / 14.76%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 23:05
Updated-10 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

Action-Not Available
Vendor-Go standard libraryGo
Product-goos
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-61728
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.72%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-06 Feb, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive CPU consumption when building archive index in archive/zip

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Action-Not Available
Vendor-Go standard libraryGo
Product-goarchive/zip
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-61726
Assigner-Go Project
ShareView Details
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-1.94% / 77.92%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 19:30
Updated-17 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gonet/urlCryostat 4 on RHEL 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift distributed tracing 3.9.3Red Hat Connectivity Link 1Multiarch Tuning OperatorRed Hat OpenShift Dev Spaces (RHOSDS) 3.26Red Hat Quay 3.16Multicluster Engine for KubernetesDeployment Validation OperatorRed Hat OpenShift Builds 1.6.5Red Hat OpenShift Service Mesh 2.6Logging Subsystem for Red Hat OpenShift 6.0Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Quay 3.10Red Hat OpenShift on AWSRed Hat Web Terminal 1.15Red Hat OpenShift Cluster Manager CLICustom Metric Autoscaler 2.19Red Hat OpenStack Platform 18.0Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Migration Toolkit for ContainersRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9Red Hat Satellite 6.18 for RHEL 9Red Hat OpenShift distributed tracing 3Red Hat Enterprise Linux 8Red Hat OpenShift GitOps 1.17Red Hat Quay 3.14Migration Toolkit for Applications 8Power monitoring for Red Hat OpenShiftOpenShift File Integrity Operator - FIO 1Red Hat OpenShift AI 2.25OpenShift Developer Tools and Services 1.6.2Red Hat Service Interconnect 2Red Hat OpenStack Platform 17.1 for RHEL 9OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14DevWorkspace Operator 0.4ExternalDNS OperatorRed Hat Advanced Cluster Management for Kubernetes 2.15Red Hat Ceph Storage 5Zero Trust Workload Identity Manager 1OpenShift PipelinesFile Integrity OperatorRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Advanced Cluster Management for Kubernetes 2.14Red Hat Openshift Data Foundation 4.19Red Hat Trusted Artifact Signer 1.3Red Hat Web Terminal 1.11Red Hat OpenShift Container Platform 4.13Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Ceph Storage 8Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat Quay 3.15Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionsmulticluster engine for Kubernetes 2.8mirror registry for Red Hat OpenShiftRed Hat OpenShift Dev SpacesRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AMQ ClientsNetwork Observability (NETOBSERV) 1.11.2Red Hat Web Terminal 1.12Fence Agents Remediation OperatorRed Hat OpenShift Container Platform 4.18Red Hat OpenShift AI 2.16Red Hat Quay 3.9Red Hat Service Interconnect 1OpenShift API for Data Protection 1.4Cert Manager support for Red Hat OpenShift release 1.17Red Hat OpenShift Dev Spaces 3.27Red Hat Update Infrastructure 5Cryostat 4Red Hat OpenShift Virtualization 4HawtIO HawtIO 4.4.0Red Hat OpenStack Services on OpenShift 18.0Red Hat Advanced Cluster Security for Kubernetes 4.8Red Hat OpenShift Container Platform 4.16Logging Subsystem for Red Hat OpenShift 6.3Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4Red Hat Developer Hub 1.8Red Hat Ansible Automation Platform 2.6 for RHEL 9Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Machine Deletion Remediation OperatorRed Hat OpenShift GitOps 1.18Red Hat Ceph Storage 7external secrets operator for Red Hat OpenShift 1.0Red Hat OpenShift Container Platform 4.15Zero Trust Workload Identity ManagerRed Hat OpenShift Service Mesh 3.2Logging Subsystem for Red Hat OpenShift 6.4Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle Supportcert-manager Operator for Red Hat OpenShiftmulticluster engine for Kubernetes 2.10multicluster engine for Kubernetes 2.9Red Hat Enterprise Linux 7Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat OpenShift AI 3.3Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Ansible Automation Platform 2.5 for RHEL 9OpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Logging Subsystem for Red Hat OpenShift 6.2OpenShift ServerlessRed Hat Quay 3.12OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat Satellite 6.18OpenShift API for Data ProtectionRed Hat Certification Program for Red Hat Enterprise Linux 9Streams for Apache Kafka 3.2.0Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Openshift Data Foundation 4.18Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Lightspeed (formerly Insights) for Runtimes 1multicluster engine for Kubernetes 2.6Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute AttestationOpenShift Service Mesh 2Red Hat Edge Manager 1Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux 8.2 Advanced Update Supportmirror registry for Red Hat OpenShift 2.0Node Maintenance OperatorRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9.6 Extended Update Supportmulticluster engine for Kubernetes 2.7HawtIO HawtIO 4.3.1OpenShift API for Data Protection 1.5Red Hat OpenShift Service Mesh 3Red Hat OpenShift GitOps 1.19Red Hat OpenShift for Windows ContainersRed Hat OpenShift Container Platform 4.20Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Ceph Storage 6Custom Metric Autoscaler operator for Red Hat OpenshiftMulticluster Global Hub 1.4.5
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next