Code execution vulnerability in SWIG code generation in cmd/go

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

AI Analysis

Code execution vulnerability in SWIG code generation

Basic Information

ID CVE-2026-27140

Source Go

Published Apr 8, 2026 at 01:06

Modified Apr 13, 2026 at 13:22

Affected Product

Vendor Go toolchain

Product cmd/go

Affected Versions Go toolchain cmd/go 0
Go toolchain cmd/go 1.26.0-0

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Go

Product cmd/go

Version 0, 1.26.0-0

References

{
    "lastseen": "",
    "description": "SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.",
    "published": "2026-04-08T01:06:57.893Z",
    "modified": "2026-04-13T13:22:34.117Z",
    "type": "cve",
    "title": "Code execution vulnerability in SWIG code generation in cmd/go",
    "source": "Go",
    "references": "https://go.dev/cl/763768\nhttps://go.dev/issue/78335\nhttps://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\nhttps://pkg.go.dev/vuln/GO-2026-4871",
    "id": "CVE-2026-27140",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Go toolchain cmd/go 0\nGo toolchain cmd/go 1.26.0-0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cmd/go",
    "version": "0",
    "vendor": "Go toolchain",
    "ai_description": "Code execution vulnerability in SWIG code generation",
    "ai_severity": "High",
    "ai_vendor": "Go",
    "ai_product": "cmd/go",
    "ai_version": "0, 1.26.0-0",
    "ai_score": 8.8
}

Code execution vulnerability in SWIG code generation in cmd/go_CVE-2026-27140