PT-2026-38562 · Go · Go

Harshit Gupta

·

Published

2026-05-07

·

Updated

2026-05-20

·

CVE-2026-39817

CVSS v3.1

5.9

Medium

VectorAV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Go (affected versions not specified)
Description The "go tool pack" subcommand does not sanitize output filenames. This allows the extraction of a malicious archive file to write files to arbitrary locations on the filesystem.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

BIT-GOLANG-2026-39817
CLEANSTART-2026-AN32474
CLEANSTART-2026-AP95632
CLEANSTART-2026-AQ65185
CLEANSTART-2026-AY89602
CLEANSTART-2026-BD19566
CLEANSTART-2026-BG69533
CLEANSTART-2026-BN09969
CLEANSTART-2026-BS27946
CLEANSTART-2026-CD71342
CLEANSTART-2026-CK61704
CLEANSTART-2026-CR00119
CLEANSTART-2026-DH72490
CLEANSTART-2026-DM19620
CLEANSTART-2026-EI06494
CLEANSTART-2026-GB83728
CLEANSTART-2026-GE45898
CLEANSTART-2026-GJ69402
CLEANSTART-2026-GQ00159
CLEANSTART-2026-GY76045
CLEANSTART-2026-IP78312
CLEANSTART-2026-KA21986
CLEANSTART-2026-KO66630
CLEANSTART-2026-LA67881
CLEANSTART-2026-LI56163
CLEANSTART-2026-MI82983
CLEANSTART-2026-MJ60235
CLEANSTART-2026-MK07381
CLEANSTART-2026-ML42911
CLEANSTART-2026-NT10973
CLEANSTART-2026-OF37807
CLEANSTART-2026-OH43332
CLEANSTART-2026-OX06093
CLEANSTART-2026-PB32291
CLEANSTART-2026-PK19530
CLEANSTART-2026-PV53006
CLEANSTART-2026-QP84300
CLEANSTART-2026-QS87161
CLEANSTART-2026-QU88766
CLEANSTART-2026-RD75979
CLEANSTART-2026-RX06063
CLEANSTART-2026-RZ44006
CLEANSTART-2026-RZ88142
CLEANSTART-2026-SE34232
CLEANSTART-2026-TD06078
CLEANSTART-2026-TD94714
CLEANSTART-2026-TH33219
CLEANSTART-2026-TK06108
CLEANSTART-2026-VU08393
CVE-2026-39817
GO-2026-4979
OPENSUSE-SU-2026:10723-1
OPENSUSE-SU-2026:10741-1

Affected Products

Go