Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
Summary
Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names. Red Hat rates this important (CVSS 9). Weakness: CWE-641. Affected package(s): openshift4/cloud-network-config-controller-rhel9:1780040126, openshift4/ose-agent-installer-utils-rhel9:1780044523, openshift4/ose-vsphere-csi-driver-rhel9-operator:1780040095, openshift4/ose-aws-cloud-controller-manager-rhel9:1780040386, openshift4/ose-aws-cluster-api-controllers-rhel9:1780040551, openshift4/ose-ironic-machine-os-downloader-rhel9:1780365576. Resolved in Red Hat advisory RHSA-2026:10704 — update the affected packages (`sudo dnf update`).
- openshift4/cloud-network-config-controller-rhel9:1780040126
- openshift4/ose-agent-installer-utils-rhel9:1780044523
- openshift4/ose-vsphere-csi-driver-rhel9-operator:1780040095
- openshift4/ose-aws-cloud-controller-manager-rhel9:1780040386
- openshift4/ose-aws-cluster-api-controllers-rhel9:1780040551
- openshift4/ose-ironic-machine-os-downloader-rhel9:1780365576
- openshift4/ose-ovn-kubernetes-microshift-rhel9:1780046352
- golang-0:1.17.13-12.el9_0
- openshift4/ose-olm-operator-controller-rhel9:1780045015
- openshift4/ose-multus-route-override-cni-rhel9:1780040139
- openshift4/openshift-route-controller-manager-rhel9:1780042119
- openshift4/ose-console-rhel9-operator:1780043143
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- RHSA-2026:10704
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:10704 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.