Description

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

INFO

Published Date :

2026-04-08T01:06:55.953Z

Last Modified :

2026-04-08T01:06:55.953Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32282 vulnerability.

Vendors Products
Go Standard Library
  • Internal/syscall/unix
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32282.

URL Resource
https://go.dev/cl/763761 cve-icon cve-icon cve-icon
https://go.dev/issue/78293 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-32282 cve-icon
https://pkg.go.dev/vuln/GO-2026-4864 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-32282 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact