[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-39819":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":199,"downstream":200,"duplicates":209,"related":210,"reserved_at":9,"published_at":215,"modified_at":216,"state":217,"summary":218,"references_raw":227,"kevs":253,"epss":254,"epss_history":257,"metrics":343,"affected":350},"CVE-2026-39819","The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[197,198],"GO-2026-4978","BIT-golang-2026-39819",[],[201,203,205,207],{"_key":202},"OPENSUSE-SU-2026:10723-1",{"_key":204},"OPENSUSE-SU-2026:10741-1",{"_key":206},"DEBIAN-CVE-2026-39819",{"_key":208},"UBUNTU-CVE-2026-39819",[],[211,212,213],{"_key":202},{"_key":204},{"_key":214},"CGA-R6QX-G8X8-V264","2026-05-07T19:41:18.849Z","2026-05-08T21:29:53.674Z","Analyzed",{"cisa_kev":219,"cisa_ransomware":219,"cisa_vendor":9,"epss_severity":220,"epss_score":221,"severity":222,"severity_score":223,"severity_version":224,"severity_source":225,"severity_vector":226,"severity_status":217},false,"low",0.00009,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",[228,236,242,248],{"url":229,"sources":230,"tags":233},"https://go.dev/issue/78584",[225,231,232],"nvd","osv_go",[234,235],"REPORT","Issue Tracking",{"url":237,"sources":238,"tags":239},"https://go.dev/cl/763882",[225,231,232],[240,241],"FIX","Patch",{"url":243,"sources":244,"tags":245},"https://groups.google.com/g/golang-announce/c/qcCIEXso47M",[225,231,232],[246,235,247],"WEB","Mailing List",{"url":249,"sources":250,"tags":251},"https://pkg.go.dev/vuln/GO-2026-4978",[225,231],[252],"Vendor Advisory",[],{"date":255,"score":221,"percentile":256},"2026-06-05",0.00876,[258,262,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,310,313,316,319,322,325,328,331,334,336,339,342],{"date":259,"score":260,"percentile":261},"2026-05-08",0.00007,0.00663,{"date":263,"score":264,"percentile":265},"2026-05-09",0.00006,0.00365,{"date":267,"score":264,"percentile":268},"2026-05-10",0.00362,{"date":270,"score":264,"percentile":271},"2026-05-11",0.00359,{"date":273,"score":264,"percentile":274},"2026-05-12",0.00356,{"date":276,"score":260,"percentile":277},"2026-05-13",0.00476,{"date":279,"score":221,"percentile":280},"2026-05-14",0.0083,{"date":282,"score":221,"percentile":283},"2026-05-15",0.00828,{"date":285,"score":221,"percentile":286},"2026-05-16",0.00822,{"date":288,"score":221,"percentile":289},"2026-05-17",0.00821,{"date":291,"score":221,"percentile":292},"2026-05-18",0.00813,{"date":294,"score":221,"percentile":295},"2026-05-19",0.00811,{"date":297,"score":221,"percentile":298},"2026-05-20",0.0081,{"date":300,"score":221,"percentile":301},"2026-05-21",0.00802,{"date":303,"score":221,"percentile":304},"2026-05-22",0.00861,{"date":306,"score":221,"percentile":307},"2026-05-23",0.0086,{"date":309,"score":221,"percentile":304},"2026-05-24",{"date":311,"score":221,"percentile":312},"2026-05-25",0.00858,{"date":314,"score":221,"percentile":315},"2026-05-26",0.00857,{"date":317,"score":221,"percentile":318},"2026-05-27",0.00865,{"date":320,"score":221,"percentile":321},"2026-05-28",0.00864,{"date":323,"score":221,"percentile":324},"2026-05-29",0.0087,{"date":326,"score":221,"percentile":327},"2026-05-30",0.00873,{"date":329,"score":221,"percentile":330},"2026-05-31",0.00872,{"date":332,"score":221,"percentile":333},"2026-06-01",0.00868,{"date":335,"score":221,"percentile":333},"2026-06-02",{"date":337,"score":221,"percentile":338},"2026-06-03",0.00867,{"date":340,"score":221,"percentile":341},"2026-06-04",0.00866,{"date":255,"score":221,"percentile":256},[344,348],{"source":225,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":345,"cvss_v4_0":9},{"baseScore":223,"baseSeverity":346,"vectorString":226,"impactScore":4,"exploitabilityScore":347},"MEDIUM",2.6,{"source":231,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":349,"cvss_v4_0":9},{"baseScore":223,"baseSeverity":346,"vectorString":226,"impactScore":4,"exploitabilityScore":347},[351,366,376],{"ecosystem":9,"name":352,"vendor":353,"product":352,"cpe_part":354,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":355},"cmd/go","go toolchain","a",[356,361],{"version":357,"is_range":358,"range_type":225,"version_start":9,"version_start_type":9,"version_end":359,"version_end_type":360,"fixed_in":9},"\u003C 1.25.10",true,"1.25.10","excluding",{"version":362,"is_range":358,"range_type":225,"version_start":363,"version_start_type":364,"version_end":365,"version_end_type":360,"fixed_in":9},">= 1.26.0-0, \u003C 1.26.3","1.26.0-0","including","1.26.3",{"ecosystem":9,"name":367,"vendor":368,"product":367,"cpe_part":354,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":369},"go","golang",[370,373],{"version":371,"is_range":358,"range_type":372,"version_start":9,"version_start_type":9,"version_end":359,"version_end_type":360,"fixed_in":9},"lt1.25.10","cpe",{"version":374,"is_range":358,"range_type":372,"version_start":375,"version_start_type":364,"version_end":365,"version_end_type":360,"fixed_in":9},"gte1.26.0_lt1.26.3","1.26.0",{"ecosystem":377,"name":378,"vendor":377,"product":378,"cpe_part":9,"purl_type":368,"purl_namespace":9,"purl_name":378,"source":9,"versions":379},"Go","toolchain",[380],{"version":381,"is_range":358,"range_type":382,"version_start":363,"version_start_type":364,"version_end":365,"version_end_type":360,"fixed_in":9},"gte1_26_0_0_lt1_26_3","semver"]