Red Hat Security Advisory: golang security update
This Red Hat security advisory addresses multiple vulnerabilities in the golang packages, which provide the Go programming language compiler. The issues include excessive CPU consumption during archive index building (CVE-2025-61728), memory exhaustion in query parameter parsing (CVE-2025-61726), and potential code smuggling via doc comments (CVE-2025-61732). The vulnerabilities affect Red Hat Enterprise Linux 9.2 and related packages. Red Hat has released updated golang packages to remediate these issues. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
The golang packages in Red Hat Enterprise Linux 9.2 contain three security vulnerabilities: CVE-2025-61728 causes excessive CPU consumption when building archive indexes in the archive/zip package; CVE-2025-61726 leads to memory exhaustion during query parameter parsing in the net/url package; and CVE-2025-61732 involves potential code smuggling via documentation comments in cmd/cgo. These issues can impact system stability and security by exhausting resources or enabling unexpected code behavior. Red Hat has issued updated golang packages to fix these vulnerabilities as detailed in advisory RHSA-2026:3472.
Potential Impact
The vulnerabilities can cause denial of service conditions through excessive CPU or memory consumption and may allow unexpected code execution paths via code smuggling. These impacts could degrade system performance or reliability. No evidence of active exploitation is reported. The issues affect systems running the affected golang packages on Red Hat Enterprise Linux 9.2 and related distributions.
Mitigation Recommendations
Red Hat has released updated golang packages that address these vulnerabilities. Users should apply the security update for golang as described in Red Hat advisory RHSA-2026:3472 and the related article https://access.redhat.com/articles/11258. Applying these official patches is the recommended remediation. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2026:3472
- Cve Count: 3
- Additional Cves: ["CVE-2025-61728","CVE-2025-61732"]
- Cvss Version: null
Threat ID: 6a160969e29bf47b5062f02c
Added to database: 5/26/2026, 8:58:17 PM
Last enriched: 5/26/2026, 9:41:15 PM
Last updated: 5/27/2026, 5:03:40 AM