Memory Corruption in Go Compiler Affecting the Go Programming Language
CVE-2026-27144

Currently unrated

Key Information:

Vendor: Go Toolchain
Status: Cmd/compile
Vendor: CVE Published:; 8 April 2026

🔔 Create Go Toolchain Vulnerability Alert

What is CVE-2026-27144?

The Go Compiler experiences a vulnerability due to a failure in unwrapping pointers for memory moves. This issue arises because a no-op interface conversion prevents the compiler from identifying non-overlapping memory movements accurately. As a result, this oversight may lead to potential memory corruption during runtime, impacting application stability and security.

Affected Version(s)

cmd/compile 0 < 1.25.9

cmd/compile 1.26.0-0 < 1.26.2

References

https://go.dev/cl/763764

https://go.dev/issue/78371

https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Feb 17, 2026

Credit

Jakub Ciolek - https://ciolek.dev/

CVE-2026-27144 Data

JSON