CVE-2026-39822

N/A Unknown
Published: July 08, 2026 Modified: July 08, 2026
View on NVD

Description

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://go.dev/cl/797880
Source: security@golang.org
https://go.dev/issue/79005
Source: security@golang.org
https://pkg.go.dev/vuln/GO-2026-4970
Source: security@golang.org

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV