πŸ” CVE Alert

CVE-2026-27140

HIGH 8.8

Code execution vulnerability in SWIG code generation in cmd/go

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
1th

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

Vendor go toolchain
Product cmd/go
Published Apr 8, 2026
Last Updated Apr 13, 2026
Stay Ahead of the Next One

Get instant alerts for go toolchain cmd/go

Be the first to know when new high vulnerabilities affecting go toolchain cmd/go are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Go toolchain / cmd/go
0 < 1.25.9 1.26.0-0 < 1.26.2

References

NVD β†— CVE.org β†— EPSS Data β†—
go.dev: https://go.dev/cl/763768 go.dev: https://go.dev/issue/78335 groups.google.com: https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-4871

Credits

Juho ForsΓ©n of Mattermost