CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile

🗓️ 08 Apr 2026 01:06:57Reported by GoType

CVE-2026-27143: Missing bound checks in safe Go in cmd/compile cause memory corruption.

Reporter	Title	Published	Views	Family All 852
Tenable Nessus	Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1593)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1598)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : golist (ALAS2023-2026-1599)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nerdctl (ALAS2023-2026-1605)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1606)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : docker (ALAS2023-2026-1615)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1645)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1660)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : runc (ALAS2023-2026-1661)	20 May 202600:00	–	nessus

[
  {
    "vendor": "Go toolchain",
    "product": "cmd/compile",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "cmd/compile",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.25.9",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.26.0-0",
        "lessThan": "1.26.2",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
go	www.go.dev/cl/763765
groups	www.groups.google.com/g/golang-announce/c/0uYbvbPZRWU
go	www.go.dev/issue/78333
pkg	www.pkg.go.dev/vuln/GO-2026-4868

08 Apr 2026 01:06Current

EPSS0.00536