All errata/c10f2/ALT-PU-2026-10636-2
ALT-PU-2026-10636-2

Package update golang in branch c10f2

Version1.26.5-alt1
Published2026-07-09
Max severityHIGH
Severity:

Closed issues (2)

CVE-2026-39822
HIGH7.8

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Published: 2026-07-08Modified: 2026-07-08
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H