PT-2026-40715 · Go-Billy · Go-Billy

Faran66

·

Published

2026-05-13

·

Updated

2026-06-11

·

CVE-2026-44740

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions go-billy versions prior to v5
Description Multiple components improperly handle crafted or malformed input, which can lead to panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues result from insufficient validation and a lack of safety mechanisms, such as cycle detection, recursion limits, or defensive handling of unexpected states, when processing untrusted repository data and filesystem structures.
Recommendations Upgrade to a supported go-billy version v5 or later.

Fix

Uncontrolled Recursion

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-674CWE-835

Related Identifiers

CLEANSTART-2026-AQ65185
CLEANSTART-2026-BG69533
CLEANSTART-2026-DM19620
CLEANSTART-2026-QP84300
CLEANSTART-2026-UY49411
CVE-2026-44740
GHSA-M3XC-H892-GGX6
OPENSUSE-SU-2026:10856-1
OPENSUSE-SU-2026:10941-1
OPENSUSE-SU-2026:10943-1
OPENSUSE-SU-2026:10967-1
OPENSUSE-SU-2026:10996-1
OPENSUSE-SU-2026:20956-1

Affected Products

Go-Billy