Vulnerability Report: GO-2026-4867

  • CVE-2026-27144
  • Affects: cmd/compile
  • Published: Apr 07, 2026

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Affected Packages

  • Path
    Versions
    Symbols
  • cmd/compile
    before go1.25.9, from go1.26.0-0 before go1.26.2
    all symbols

Aliases

References

Credits

  • Jakub Ciolek - https://ciolek.dev/

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.