CVE-2026-32282: CWE-61: UNIX Symbolic Link (Symlink) Following in Go standard library internal/syscall/unix
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
AI Analysis
Technical Summary
On Linux, the Go standard library's Root.Chmod function attempts to avoid symlink traversal by checking if the target is a symlink outside the root and returning an error if so. However, due to the Linux fchmodat syscall ignoring the AT_SYMLINK_NOFOLLOW flag, if the target file is replaced with a symlink after the check but before the chmod operation, Root.Chmod may inadvertently operate on the symlink's target outside the intended root directory. This is a race condition vulnerability classified as CWE-61 (Improper Restriction of Symbolic Links). It affects Go versions up to 1.26.0-0. No official patch or remediation level has been published yet, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows a local attacker with high privileges to potentially cause Root.Chmod to change permissions on files outside the intended root directory by exploiting a race condition involving symlink replacement. This could lead to unauthorized modification of file permissions, impacting confidentiality, integrity, and availability of affected files. However, exploitation requires precise timing and elevated privileges, limiting the practical impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should be cautious when using Root.Chmod in environments where untrusted users can replace files with symlinks during operations. Consider implementing additional application-level checks or avoiding use of vulnerable versions if possible.
CVE-2026-32282: CWE-61: UNIX Symbolic Link (Symlink) Following in Go standard library internal/syscall/unix
Description
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
On Linux, the Go standard library's Root.Chmod function attempts to avoid symlink traversal by checking if the target is a symlink outside the root and returning an error if so. However, due to the Linux fchmodat syscall ignoring the AT_SYMLINK_NOFOLLOW flag, if the target file is replaced with a symlink after the check but before the chmod operation, Root.Chmod may inadvertently operate on the symlink's target outside the intended root directory. This is a race condition vulnerability classified as CWE-61 (Improper Restriction of Symbolic Links). It affects Go versions up to 1.26.0-0. No official patch or remediation level has been published yet, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows a local attacker with high privileges to potentially cause Root.Chmod to change permissions on files outside the intended root directory by exploiting a race condition involving symlink replacement. This could lead to unauthorized modification of file permissions, impacting confidentiality, integrity, and availability of affected files. However, exploitation requires precise timing and elevated privileges, limiting the practical impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should be cautious when using Root.Chmod in environments where untrusted users can replace files with symlinks during operations. Consider implementing additional application-level checks or avoiding use of vulnerable versions if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Go
- Date Reserved
- 2026-03-11T16:38:46.556Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d5da2d43e2781badfbe68a
Added to database: 4/8/2026, 4:31:41 AM
Last enriched: 4/15/2026, 11:51:25 AM
Last updated: 5/23/2026, 11:02:25 PM
Views: 148
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.