200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.

Severity | Language | Advisory ID | Title
HIGH 7.2 | Go | CVE-2026-42306 | Docker: Race condition in docker cp allows bind mount redirection to host path
HIGH 7.5 | Go | CVE-2026-54091 | File Browser has incorrect access control for public directory shares via rule path rebasing
HIGH 7.7 | Go | CVE-2026-53999 | Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
HIGH 7.5 | Go | CVE-2026-32936 | CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
HIGH 7.7 | Go | CVE-2026-47701 | OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
HIGH 8.0 | Go | CVE-2026-11401 | AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
HIGH 8.1 | Go | CVE-2026-45062 | FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
HIGH 8.8 | Go | CVE-2026-46612 | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
HIGH 7.3 | Go | CVE-2026-47253 | Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion
HIGH 7.1 | Go | CVE-2026-49396 | Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents
HIGH 7.5 | Go | CVE-2024-8063 | Ollama Divide by Zero Vulnerability
HIGH 7.5 | Go | CVE-2025-1975 | Ollama Server Vulnerable to Denial of Service (DoS) Attack
HIGH 8.7 | Go | GHSA-7qjx-gp9h-65qj | Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
HIGH 8.0 | Go | CVE-2025-52903 | filebrowser Allows Shell Commands to Spawn Other Commands
HIGH 7.2 | Go | CVE-2026-35585 | File Browser has a Command Injection via Hook Runner
HIGH 7.5 | Go | CVE-2026-52880 | klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
HIGH 7.5 | Go | CVE-2026-52878 | Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt
HIGH 7.5 | Go | CVE-2026-52879 | klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
HIGH 7.2 | Go | CVE-2026-41567 | Docker: `PUT /containers/{id}/archive` executes container binary on the host
HIGH 8.2 | Go | CVE-2026-45327 | TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection
HIGH 7.5 | Go | CVE-2026-45686 | OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI
HIGH 8.0 | Go | CVE-2025-52904 | File Browser: Command Execution not Limited to Scope
HIGH 8.5 | Go | CVE-2026-47201 | authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
HIGH 7.5 | Go | CVE-2026-45685 | OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
HIGH 7.5 | Go | CVE-2026-45678 | OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads
HIGH 8.8 | Go | CVE-2026-39386 | Neko has a Self-service Privilege Escalation for Authenticated Users
HIGH 7.5 | Go | CVE-2026-46385 | iskorotkov/avro: CPU Exhaustion in Decoder
HIGH 8.2 | Go | CVE-2026-45627 | Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
HIGH 7.5 | Go | CVE-2026-46384 | iskorotkov/avro: Integer Overflow in Decoder
HIGH 8.8 | Go | CVE-2026-47125 | Arcane: Missing admin authorization on global variables endpoint
HIGH 7.7 | Go | CVE-2026-47179 | Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
HIGH 7.4 | Go | CVE-2026-48501 | GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
HIGH 8.2 | Go | CVE-2026-41145 | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
HIGH 8.5 | Go | CVE-2026-44850 | Portainer has a bind-mount restriction bypass via HostConfig.Mounts
HIGH 8.8 | Go | CVE-2026-44849 | Portainer has an endpoint security bypass via Swarm service create/update
HIGH 8.8 | Go | CVE-2026-44848 | Portainer missing authorization on Docker plugin endpoints, which allows host RCE
HIGH 8.1 | Go | CVE-2026-44973 | go-billy has path traversal vulnerabilities
HIGH 8.1 | Go | CVE-2026-44882 | Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
HIGH 7.5 | Go | CVE-2026-44883 | Portainer: JWT accepted in URL query leaks tokens to logs and referers
HIGH 8.7 | Go | CVE-2026-44543 | Local Path Provisioner Vulnerable to HelperPod Template Injection
HIGH 7.5 | Go | CVE-2026-44594 | esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
HIGH 7.5 | Go | CVE-2026-44316 | free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
HIGH 7.3 | Go | CVE-2026-44320 | free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
HIGH 7.5 | Go | CVE-2026-44319 | free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
HIGH 7.8 | Go | CVE-2026-45152 | uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution
HIGH 7.1 | Go | CVE-2026-44473 | Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
HIGH 8.2 | Go | CVE-2026-45089 | Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
HIGH 7.5 | Go | CVE-2026-42459 | Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
HIGH 7.5 | Go | CVE-2026-44321 | free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
HIGH 8.2 | Go | CVE-2026-42083 | Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
HIGH 7.5 | Go | CVE-2026-45047 | Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding
HIGH 7.5 | Go | CVE-2026-45088 | Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
HIGH 8.2 | Go | CVE-2026-44328 | free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating
HIGH 7.5 | Go | GHSA-m38g-vww2-mvgx | Talos Linux has a local privilege escalation from untrusted workloads
HIGH 7.5 | Go | CVE-2026-44322 | free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
HIGH 7.5 | Go | CVE-2026-44325 | free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
HIGH 8.6 | Go | CVE-2026-45298 | Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)
HIGH 7.5 | Go | CVE-2026-23998 | Fleet has a Windows MDM management endpoint authentication bypass
HIGH 7.5 | Go | CVE-2026-24899 | Fleet Windows MDM Azure AD JWT Authentication Bypass
HIGH 7.5 | Go | CVE-2026-45090 | Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
