VDB
RHSA-2026%3A19351
RHSA-2026%3A19351
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | grafana-pcp-debuginfo-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-0:5.1.1-15.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-debugsource-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-debuginfo-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-debuginfo-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-debugsource-0:5.1.1-15.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| golang | Go | |
| Red Hat | grafana-pcp-debugsource-0:5.1.1-15.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| Red Hat | grafana-pcp-debugsource-0:5.1.1-15.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
| golang | go | |
| Red Hat | grafana-pcp-debuginfo-0:5.1.1-15.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9) | 5.1.1-15.el9, 5.1.1-15.el9, 5.1.1-15.el9 |
Timeline
- May 19, 2026 CVE Published
- May 26, 2026 Distribution Patch
- May 26, 2026 Distribution Patch
- May 26, 2026 Security Advisory
- May 26, 2026 Security Advisory
- May 26, 2026 Security Advisory
- Jun 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:19351 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2456336 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2456338 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19351.json advisory
- https://access.redhat.com/security/cve/CVE-2026-32282 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32282 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32282 advisory
- https://go.dev/cl/763761 advisory
- https://go.dev/issue/78293 advisory
- https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU advisory
- https://pkg.go.dev/vuln/GO-2026-4864 advisory
- https://access.redhat.com/security/cve/CVE-2026-32283 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-32283 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32283 advisory
- https://go.dev/cl/763767 advisory
- https://go.dev/issue/78334 advisory
- https://pkg.go.dev/vuln/GO-2026-4870 advisory