Vulnerability in Google Go-attestation
CVE-2026-12681
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this al…
EPSS: 0.002 (8.9th percentile) — read the EPSS interpretation.
Affected products
- Google Go-attestation — versions 0