CVE-2026-32282: CWE-61: UNIX Symbolic Link (Symlink) Following in Go standard library internal/syscall/unix
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
AI Analysis
Technical Summary
The vulnerability CVE-2026-32282 affects the Go standard library's internal syscall interface on Linux platforms. Specifically, the Root.Chmod function uses the fchmodat syscall with the AT_SYMLINK_NOFOLLOW flag to avoid following symlinks. However, the Linux implementation silently ignores this flag, allowing a race condition where the target file can be replaced by a symlink after the initial check but before the chmod operation. This can cause Root.Chmod to modify the permissions of a file outside the intended root directory if the symlink points elsewhere. The impact is limited to this race condition window and requires the attacker to replace the target with a symlink during the operation. There is no CVSS score or official patch available at this time.
Potential Impact
The impact is a potential unauthorized modification of file permissions outside the intended root directory due to symlink traversal during a chmod operation. This could lead to privilege escalation or unauthorized access if exploited. However, the vulnerability requires a precise race condition to be triggered, limiting its practical exploitability. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should be aware of the race condition risk when using Root.Chmod on Linux and consider additional application-level checks or avoid relying on this function in security-critical contexts.
CVE-2026-32282: CWE-61: UNIX Symbolic Link (Symlink) Following in Go standard library internal/syscall/unix
Description
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-32282 affects the Go standard library's internal syscall interface on Linux platforms. Specifically, the Root.Chmod function uses the fchmodat syscall with the AT_SYMLINK_NOFOLLOW flag to avoid following symlinks. However, the Linux implementation silently ignores this flag, allowing a race condition where the target file can be replaced by a symlink after the initial check but before the chmod operation. This can cause Root.Chmod to modify the permissions of a file outside the intended root directory if the symlink points elsewhere. The impact is limited to this race condition window and requires the attacker to replace the target with a symlink during the operation. There is no CVSS score or official patch available at this time.
Potential Impact
The impact is a potential unauthorized modification of file permissions outside the intended root directory due to symlink traversal during a chmod operation. This could lead to privilege escalation or unauthorized access if exploited. However, the vulnerability requires a precise race condition to be triggered, limiting its practical exploitability. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should be aware of the race condition risk when using Root.Chmod on Linux and consider additional application-level checks or avoid relying on this function in security-critical contexts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Go
- Date Reserved
- 2026-03-11T16:38:46.556Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d5da2d43e2781badfbe68a
Added to database: 4/8/2026, 4:31:41 AM
Last enriched: 4/8/2026, 4:47:05 AM
Last updated: 4/8/2026, 9:36:01 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.