CVE-2026-27139

CVSS v3.1

2.5

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions AWS Lambda versions (affected versions not specified)

Description On Unix platforms, when listing directory contents using

File.ReadDir

File.Readdir

, the returned

FileInfo

could reference a file outside the root directory in which the file was opened. This allows reading metadata from arbitrary locations on the filesystem using

lstat

without permitting file reading or writing outside the root. The issue impacts stdlib in 27 Lambda base images.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-27139

GO-2026-4602

OPENSUSE-SU-2026:10299-1

Affected Products

Aws-Lambda

Stdlib

CVE-2026-27139

Related Identifiers

Affected Products

References · 18