CVE-2026-27143

Summary

Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

Affected Software

VendorProductVersion RangeStatus
Go toolchaincmd/compile0 < 1.25.9affected
Go toolchaincmd/compile1.26.0-0 < 1.26.2affected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References