Skip to content

fix: bump Go to 1.26.5 to resolve CVE-2026-39822#23

Merged
mkumatag merged 1 commit into
IBM:mainfrom
sudeeshjohn:fix/cve-2026-39822-go-1.26.5
Jul 16, 2026
Merged

fix: bump Go to 1.26.5 to resolve CVE-2026-39822#23
mkumatag merged 1 commit into
IBM:mainfrom
sudeeshjohn:fix/cve-2026-39822-go-1.26.5

Conversation

@sudeeshjohn

Copy link
Copy Markdown
Collaborator

Summary

Bumps the Go toolchain version from 1.26.4 to 1.26.5 in go.mod.

Security Fix

CVE Severity Installed Fixed Description
CVE-2026-39822 HIGH v1.26.4 1.26.5 os.Root: symlink following vulnerability allows directory traversal

Changes

  • go.mod: go 1.26.4go 1.26.5

Trivy scan will pass once this is merged.

…versal)

Signed-off-by: SUDEESH JOHN <sudeeshjohn@in.ibm.com>
@sudeeshjohn
sudeeshjohn force-pushed the fix/cve-2026-39822-go-1.26.5 branch from cf94e5d to 2466f15 Compare July 16, 2026 07:58
@sudeeshjohn
sudeeshjohn requested a review from mkumatag July 16, 2026 08:03
@mkumatag
mkumatag merged commit c42780e into IBM:main Jul 16, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants