Vulnerability in Go Toolchain Cmd/go
CVE-2026-27140
SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.
EPSS: 0.000 (3.5th percentile) — read the EPSS interpretation.
Affected products
- Go Toolchain Cmd/go — versions 0, 1.26.0-0