Description
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
References (39)
Core 39
Core References
Patch, Product
https://go.dev/cl/734220
Issue Tracking, Vendor Advisory
https://go.dev/issue/76697
Mailing List, Release Notes
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
Vendor Advisory, Patch
https://pkg.go.dev/vuln/GO-2026-4433
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:10104
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:12282
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:14100
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:14774
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:15091
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:21691
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2706
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2708
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2709
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2844
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3192
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3193
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3468
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3469
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3470
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3471
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3472
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3473
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3489
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3556
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3559
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3855
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:4434
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5133
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5907
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5948
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5950
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5952
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7291
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7385
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8448
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-61732
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2437016
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:17598
Scores
CVSS v3
8.6
EPSS
0.0047
EPSS Percentile
37.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (3)
Go toolchain/cmd/cgo
< 1.24.13
Go toolchain/cmd/cgo
1.25.0-0 - 1.25.7
golang/go
< 1.24.13
Published
Feb 05, 2026
Tracked Since
Feb 18, 2026