VDB

RHSA-2026%3A19351

RHSA-2026%3A19351 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatgrafana-pcp-debuginfo-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-0:5.1.1-15.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-debugsource-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-debuginfo-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-debuginfo-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-debugsource-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
golangGo
Red Hatgrafana-pcp-debugsource-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
Red Hatgrafana-pcp-debugsource-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9
golanggo
Red Hatgrafana-pcp-debuginfo-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9

Timeline

  • May 19, 2026 CVE Published
  • May 26, 2026 Distribution Patch
  • May 26, 2026 Distribution Patch
  • May 26, 2026 Security Advisory
  • May 26, 2026 Security Advisory
  • May 26, 2026 Security Advisory
  • Jun 5, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›