Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Description

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

Affected Products

Vendor	Product	Versions
go toolchain	cmd/compile	0, 1.26.0-0, 1.25.8, 1.26.1

References

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-27144 | cmd-compile up to 1.25.8/1.26.1 on Go expected behavior violation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.25.91.26.2

PublishedApr 8, 2026

Last enriched3h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Version History

Last enriched 3h ago

v2Tier C3h ago

Updated severity to CRITICAL, added affected versions 1.25.8 and 1.26.1, and marked the vulnerability as actively exploited.

severityaffectedVersionsactivelyExploitedtags

via VulDB

v16h ago

Initial creation

Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History