pkg:Debian/golang-1.26

24 total CVEsCRITICAL1HIGH12MEDIUM10LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-27143Missing bound checks can lead to memory corruption in safe Go in cmd/compile
    from 0, < 1.26.2-1
  • HIGH8.8CVE-2026-27140Code execution vulnerability in SWIG code generation in cmd/go
    from 0, < 1.26.2-1
  • HIGH8.2CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
    from 0, < 1.26.2-1
  • HIGH7.5CVE-2026-42501Malicious module proxy can bypass checksum database in cmd/go
    from 0, < 1.26.3-1
  • HIGH7.5CVE-2026-33811Crash when handling long CNAME response in net
    from 0, < 1.26.3-1
  • HIGH7.5CVE-2026-39820Quadratic string concatentation in consumeComment in net/mail
    from 0, < 1.26.3-1
  • HIGH7.5CVE-2026-42499Quadratic string concatenation in consumePhrase in net/mail
    from 0, < 1.26.3-1
  • HIGH7.5CVE-2026-32281Inefficient policy validation in crypto/x509
    from 0, < 1.26.2-1
  • HIGH7.5CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
    from 0, < 1.26.2-1
  • HIGH7.5CVE-2026-32280Unexpected work during chain building in crypto/x509
    from 0, < 1.26.2-1
  • HIGH7.5CVE-2026-25679Incorrect parsing of IPv6 host literals in net/url
    from 0, < 1.26.1-1
  • HIGH7.5CVE-2026-27137Incorrect enforcement of email constraints in crypto/x509
    from 0, < 1.26.1-1
  • HIGH7.1CVE-2026-27144Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
    from 0, < 1.26.2-1
  • MEDIUM6.4CVE-2026-32282TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
    from 0, < 1.26.2-1
  • MEDIUM6.1CVE-2026-39823Bypass of meta content URL escaping causes XSS in html/template
    from 0, < 1.26.3-1
  • MEDIUM6.1CVE-2026-39826Escaper bypass leads to XSS in html/template
    from 0, < 1.26.3-1
  • MEDIUM6.1CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template
    from 0, < 1.26.2-1
  • MEDIUM6.1CVE-2026-27142URLs in meta content attribute actions are not escaped in html/template
    from 0, < 1.26.1-1
  • MEDIUM5.9CVE-2026-39817Invoking "go tool pack" does not sanitize output paths in cmd/go
    from 0, < 1.26.3-1
  • MEDIUM5.9CVE-2026-27138Panic in name constraint checking for malformed certificates in crypto/x509
    from 0, < 1.26.1-1
  • MEDIUM5.5CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar
    from 0, < 1.26.2-1
  • MEDIUM5.3CVE-2026-39825ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
    from 0, < 1.26.3-1
  • MEDIUM5.3CVE-2026-39819Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
    from 0, < 1.26.3-1
  • LOW2.5CVE-2026-27139FileInfo can escape from a Root in os
    from 0, < 1.26.1-1