Vulnerability Report: GO-2026-4433

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Affected Packages

  • Path
    Versions
    Symbols
  • before go1.24.13, from go1.25.0-0 before go1.25.7
    all symbols

Aliases

References

Credits

  • RyotaK (https://ryotak.net) of GMO Flatt Security Inc.
