{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32282", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-03-11T16:38:46.556Z", "datePublished": "2026-04-08T01:06:55.953Z", "dateUpdated": "2026-04-08T01:06:55.953Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-04-08T01:06:55.953Z"}, "title": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix", "descriptions": [{"lang": "en", "value": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation."}], "affected": [{"vendor": "Go standard library", "product": "internal/syscall/unix", "collectionURL": "https://pkg.go.dev", "packageName": "internal/syscall/unix", "versions": [{"version": "0", "lessThan": "1.25.9", "status": "affected", "versionType": "semver"}, {"version": "1.26.0-0", "lessThan": "1.26.2", "status": "affected", "versionType": "semver"}], "platforms": ["linux"], "programRoutines": [{"name": "Fchmodat"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}], "references": [{"url": "https://go.dev/cl/763761"}, {"url": "https://go.dev/issue/78293"}, {"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"}, {"url": "https://pkg.go.dev/vuln/GO-2026-4864"}], "credits": [{"lang": "en", "value": "Uuganbayar Lkhamsuren (https://github.com/uug4na)"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation."}], "id": "CVE-2026-32282", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T02:16:03.467", "references": [{"source": "security@golang.org", "url": "https://go.dev/cl/763761"}, {"source": "security@golang.org", "url": "https://go.dev/issue/78293"}, {"source": "security@golang.org", "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"}, {"source": "security@golang.org", "url": "https://pkg.go.dev/vuln/GO-2026-4864"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.25.9)"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[1.26.0-0,1.26.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "internal/syscall/unix", "source": "cna", "vendor": "Go standard library"}, "product": "internal/syscall/unix", "vendor": "go_standard_library"}], "analysis": {"en": {"generated_at": "2026-04-08T02:51:04.958561+00:00", "value": {"mitigation_remediation": ["Identify any use of Root.Chmod in your Go applications and determine if it operates on privileged files.", "Replace or remove Root.Chmod calls where possible, or add additional validation to prevent symlink traversal before the operation.", "Upgrade to the latest stable Go release once a patch is incorporated for this issue.", "Use operating\u2011system controls such as SELinux, AppArmor, or file\u2011system permissions to restrict root file modifications and isolate the affected processes.", "Run the programs with the minimum privileges required, avoiding execution as root whenever feasible."], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation via Symlink Race"}, "threat_synthesis": {"affected_systems": "All Linux deployments that run Go programs which compile against the standard library\u2019s internal/syscall/unix package are affected, regardless of Go version, as the issue exists in any version where the Root.Chmod implementation is present. Any program that uses Root.Chmod on files that may be reachable by untrusted input is potentially vulnerable. The problem is therefore not limited to a specific Go release or distribution but applies across all systems that use the vulnerable code path.", "description_and_impact": "The vulnerability is a time\u2011of\u2011check to time\u2011of\u2011use race condition in Go\u2019s standard library internal/syscall/unix package. During a Root.Chmod operation on Linux, the implementation checks whether the target is a symlink that resides outside the root namespace and aborts if so. However, the underlying Linux fchmodat system call ignores the AT_SYMLINK_NOFOLLOW flag that Root.Chmod relies upon to prevent symlink traversal. An attacker can replace the original file with a symlink between this check and the chmod call, causing the operation to affect the symlink\u2019s destination, which may be outside the root. The result is a privilege escalation that allows a root\u2011running Go program to modify files it should not be able to, potentially compromising system integrity and confidentiality.", "risk_and_exploitability": "Risk is difficult to quantify precisely due to the absence of CVSS, EPSS, or KEV data; the vulnerability does not appear in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attacker must have local access to manipulate the target file while the Go program is executing with root privileges. The attack requires a carefully timed race condition between the link replacement and the chmod operation, making it somewhat challenging to exploit reliably. Nevertheless, on systems where Root.Chmod is invoked on files controlled by users or processes that privilege escalation is possible, the threat is significant."}}}}, "created": "2026-04-08T19:33:39.821769+00:00", "updated": "2026-04-08T19:44:26.103523+00:00", "vendors": ["go_standard_library", "go_standard_library$PRODUCT$internal/syscall/unix"], "weaknesses": ["CWE-367", "CWE-682"]}