GO-2026-4871 Code execution vulnerability in SWIG code generation in cmd/go

🗓️ 07 Apr 2026 22:53:49Reported by GoogleType

osv

osv🔗 osv.dev👁 2 Views

GO-2026-4871 enables code execution via SWIG in cmd/go using cgo file names and payloads.

Reporter	Title	Published	Views	Family All 760
Tenable Nessus	Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1593)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : golang, --advisory ALAS2-2026-3259 (ALAS-2026-3259)	30 Apr 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0111: golang (ALINUX3-SA-2026:0111)	18 May 202600:00	–	nessus
Tenable Nessus	Golang 1.25.x < 1.25.9 / 1.26.x < 1.26.2 Multiple Vulnerabilities	9 Apr 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : golang-1.25.9-1.el9_7 (AXSA:2026-520:04)	3 May 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : go-toolset:rhel8 (AXSA:2026-564:01)	8 May 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : go1.25 (openSUSE-SU-2026:20570-1)	22 Apr 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20571-1)	22 Apr 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : coredns (openSUSE-SU-2026:20703-1)	10 May 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 : golang (ELSA-2026-10217)	24 Apr 202600:00	–	nessus

Source	Link
go	www.go.dev/cl/763768
go	www.go.dev/issue/78335
groups	www.groups.google.com/g/golang-announce/c/0uYbvbPZRWU

13 May 2026 10:44Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.18.8

EPSS0.00015

SSVC

go vulnerability swig code generation code execution build time