CVE-2026-27144

Summary

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Affected Software

VendorProductVersion RangeStatus
Go toolchaincmd/compile0 < 1.25.9affected
Go toolchaincmd/compile1.26.0-0 < 1.26.2affected

Weaknesses

  • CWE-440: Expected Behavior Violation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References