CVE-2026-33487

Description

Loop Variable Capture Signature Bypass in goxmldsig in github.com/russellhaering/goxmldsig

Affected packages (2)

• Go/github.com/russellhaering/goxmldsigfrom 0, < 1.6.0
• Go/github.com/russellhaering/goxmldsigfrom 0, < 1.6.0

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-33487
• PATCHhttps://github.com/russellhaering/goxmldsig
• WEBhttps://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc