CVE-2026-27139

ADVISORY - nist

Summary

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

Impacted images

Advisories

GoLang

CREATED

9 hours ago

UPDATED

9 hours ago

ADVISORY IDGO-2026-4602⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
stdlib	golang	-	-	>=1.26.0-0,<1.26.1	1.26.1
stdlib	golang	-	-	<1.25.8	1.25.8

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

8 hours ago

UPDATED

8 hours ago

ADVISORY IDCVE-2026-27139⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

RATING UNAVAILABLE FROM ADVISORY

Alpine

CREATED

21 hours ago

UPDATED

21 hours ago

ADVISORY IDCVE-2026-27139⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 hours ago

UPDATED

2 hours ago

ADVISORY IDCVE-2026-27139⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY