CVE-2026-27139

Published: Mar 06, 2026 Last Modified: Mar 09, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 9 Days)

https://go.dev/cl/749480
https://go.dev/cl/749480
https://go.dev/issue/77827
https://go.dev/issue/77827
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
https://pkg.go.dev/vuln/GO-2026-4602
https://pkg.go.dev/vuln/GO-2026-4602