Code execution vulnerability in SWIG code generation in cmd/go

Description

A vulnerability, which was classified as critical, has been found in cmd-go up to 1.25.8/1.26.1 on Go. This vulnerability affects unknown code of the component SWIG File Parser. Performing a manipulation results in trust boundary violation.

Affected Products

Vendor	Product	Versions
go toolchain	cmd/go	0, 1.26.0-0, 1.25.8, 1.26.1

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-27140 | cmd-go up to 1.25.8/1.26.1 on Go SWIG File Parser trust boundary violation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.25.91.26.2

PublishedApr 8, 2026

Last enriched4h agov2

Trending Score49

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (2)

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, added affected versions 1.25.8 and 1.26.1, and corrected exploit availability to false.

descriptionseverityaffectedVersionsactivelyExploited

via VulDB

v18h ago

Initial creation