Vulnerability in Go Toolchain Cmd/compile
CVE-2026-27143
Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.
EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.
Affected products
- Go Toolchain Cmd/compile — versions 0, 1.26.0-0