{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T01:46:49.830","vulnerabilities":[{"cve":{"id":"CVE-2026-27139","sourceIdentifier":"security@golang.org","published":"2026-03-06T22:16:01.070","lastModified":"2026-04-21T14:32:36.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root."},{"lang":"es","value":"En plataformas Unix, al listar el contenido de un directorio usando File.ReadDir o File.Readdir, el FileInfo devuelto podría hacer referencia a un archivo fuera de la Raíz en la que se abrió el Archivo. El impacto de este escape se limita a la lectura de metadatos proporcionados por lstat desde ubicaciones arbitrarias en el sistema de archivos sin permitir la lectura o escritura de archivos fuera de la raíz."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.8","matchCriteriaId":"2D293CC0-B163-4E62-B985-52FB6ECA64C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:1.26.0:*:*:*:*:*:*:*","matchCriteriaId":"A40FE3CB-0D03-462B-8A19-4DF1920ABE82"}]}]}],"references":[{"url":"https://go.dev/cl/749480","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://go.dev/issue/77827","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk","source":"security@golang.org","tags":["Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2026-4602","source":"security@golang.org","tags":["Vendor Advisory"]}]}}]}