Root has patched CVE-2026-39830 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available.
{
"source": "Root",
"distro": "gobinary",
"distro_version": "",
"severity": "HIGH"
}"https://api.root.io/external/osv/ROOT-APP-GOBINARY-CVE-2026-39830.json"
true
""
"v0.46.0-root.io.2"
8.0
[
"v0.45.0-root.io.1",
"v0.49.0-root.io.1",
"v0.31.0-root.io.8",
"v0.37.0-root.io.3",
"v0.35.0-root.io.3",
"v0.45.0-root.io.2",
"v0.40.0-root.io.6",
"v0.46.0-root.io.2"
]
"https://api.root.io/external/osv/ROOT-APP-GOBINARY-CVE-2026-39830.json"
true
""
"v0.46.0-aikido.2"
8.0
[
"v0.45.0-aikido.1",
"v0.49.0-aikido.1",
"v0.31.0-aikido.8",
"v0.37.0-aikido.3",
"v0.35.0-aikido.3",
"v0.45.0-aikido.2",
"v0.40.0-aikido.6",
"v0.46.0-aikido.2"
]