anonhaven
Ad

CVE-2026-27144

HIGH CVSS 3.1: 7.1 EPSS 0.01%
Updated Apr 16, 2026
Golang
Parameter Value
CVSS 7.1 (HIGH)
Affected Versions 1.26.0 — 1.26.2
Fixed In 1.25.9
Type CWE-843 (Type Confusion)
Vendor Golang
Public PoC No

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-843 Type Confusion

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Golang Go
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
 1.25.9
Golang Go
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
 1.26.0 1.26.2

References 4

https://go.dev/cl/763764
security@golang.org
https://go.dev/issue/78371
security@golang.org
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU
security@golang.org
https://pkg.go.dev/vuln/GO-2026-4867
security@golang.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33810

Golang

8.2

CVE-2026-32289

Go Standard Library

6.1

CVE-2026-32288

Go Standard Library

5.5

CVE-2026-32283

Golang

7.5

CVE-2026-32282

Golang

6.4