CVE-2026-27140

Опубликовано: 08 апр. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Ссылки

https://go.dev/cl/763768
Release Notes
https://go.dev/issue/78335
Issue Tracking
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
Mailing List
Release Notes
https://pkg.go.dev/vuln/GO-2026-4871
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.25.9 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.26.0 (включая) до 1.26.2 (исключая)

EPSS

Процентиль: 41%

0.00532

Низкий

8.8 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

CVE-2026-27140

CVSS3: 8.8

ubuntu

3 месяца назад

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CVE-2026-27140

CVSS3: 9

redhat

3 месяца назад

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

CVE-2026-27140

msrc

26 дней назад

Code execution vulnerability in SWIG code generation in cmd/go

CVE-2026-27140

CVSS3: 8.8

debian

3 месяца назад

SWIG file names containing 'cgo' and well-crafted payloads could lead ...

GHSA-5w89-2c2x-6x66

CVSS3: 8.8

github

3 месяца назад

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

EPSS

Процентиль: 41%

0.00532

Низкий

8.8 High

CVSS3

Дефекты

CWE-863