Critical Golang Go Vulnerabilities, CVSS 9.8, Remote Code Execution
Summary
CERT-Bund issued a critical security advisory (WID-SEC-2026-1006) regarding multiple vulnerabilities in Golang Go versions prior to 1.26.2 and 1.25.9. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable attackers to execute arbitrary code remotely, cause memory corruption, bypass security controls, or trigger denial-of-service conditions. Organizations using affected Go versions must apply available mitigations or update immediately.
What changed
CERT-Bund published a critical security advisory warning of multiple severe vulnerabilities in the Golang Go programming language. The flaws, affecting versions below 1.26.2 and 1.25.9, have a CVSS Base Score of 9.8 and allow remote attackers to execute arbitrary code, corrupt memory, bypass security mechanisms, or cause denial-of-service conditions.
Organizations using Golang Go in their software development, infrastructure, or deployed applications must prioritize patching to the latest secure versions or implement recommended mitigations. Failure to address these vulnerabilities poses immediate risk of remote compromise, particularly for internet-facing systems running affected Go code.
What to do next
- Update Golang Go installations to version 1.26.2 or 1.25.9 or later immediately
- Review all systems and applications using affected Go versions for signs of exploitation
- Apply available mitigations if immediate patching is not feasible
Archived snapshot
Apr 9, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1006] Golang Go: Mehrere Schwachstellen CVSS Base Score 9.8 (kritisch) CVSS Temporal Score 8.5 (hoch) Remoteangriff ja Datum 07.04.2026 Stand 08.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
Go ist eine quelloffene Programmiersprache.
Produkte
07.04.2026
- Golang Go <1.26.2
- Golang Go <1.25.9
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um Speicherbeschädigungen zu verursachen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand auszulösen oder andere, nicht näher spezifizierte Angriffe durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.