UBUNTU-CVE-2026-32282
- Source
- https://ubuntu.com/security/CVE-2026-32282
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32282.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-32282
- Upstream
- Published
- 2026-04-08T02:16:00Z
- Modified
- 2026-05-20T16:12:40.718814769Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
- References
Affected packages
Ubuntu:14.04:LTS
golang-1.10
Package
- Name
- golang-1.10
- Purl
- pkg:deb/ubuntu/golang-1.10?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:16.04:LTS
golang-1.10
Package
- Name
- golang-1.10
- Purl
- pkg:deb/ubuntu/golang-1.10?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.6
Package
- Name
- golang-1.6
- Purl
- pkg:deb/ubuntu/golang-1.6?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.6-0ubuntu1
1.6-0ubuntu2
1.6-0ubuntu3
1.6-0ubuntu4
1.6-0ubuntu5
1.6.1-0ubuntu1
1.6.2-0ubuntu5~16.04
1.6.2-0ubuntu5~16.04.2
1.6.2-0ubuntu5~16.04.3
1.6.2-0ubuntu5~16.04.4
Ubuntu:18.04:LTS
golang-1.10
Package
- Name
- golang-1.10
- Purl
- pkg:deb/ubuntu/golang-1.10?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.10~rc1-1
1.10~rc1-1ubuntu1
1.10~rc1-2ubuntu1
1.10~rc2-1ubuntu1
1.10-1ubuntu1
1.10.1-1ubuntu2
1.10.4-2ubuntu1~18.04.1
1.10.4-2ubuntu1~18.04.2
golang-1.8
Package
- Name
- golang-1.8
- Purl
- pkg:deb/ubuntu/golang-1.8?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "golang-1.8",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_name": "golang-1.8-go-shared-dev",
"binary_version": "1.8.3-2ubuntu1.18.04.1"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "golang-1.8-src"
},
{
"binary_version": "1.8.3-2ubuntu1.18.04.1",
"binary_name": "libgolang-1.8-std1"
}
]
}golang-1.9
Package
- Name
- golang-1.9
- Purl
- pkg:deb/ubuntu/golang-1.9?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.1-1ubuntu1
1.13.3-1ubuntu1
1.13.4-1ubuntu1
1.13.5-1ubuntu1
1.13.6-1ubuntu1
1.13.6-2ubuntu1
1.13.7-1ubuntu1
1.13.8-1ubuntu1
1.13.8-1ubuntu1.1
1.13.8-1ubuntu1.2
golang-1.14
Package
- Name
- golang-1.14
- Purl
- pkg:deb/ubuntu/golang-1.14?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.14~beta1-1
1.14~beta1-2
1.14~rc1-1
1.14-1
1.14.1-1
1.14.2-1
1.14.2-1ubuntu1
1.14.3-2ubuntu2~20.04.1
1.14.3-2ubuntu2~20.04.2
golang-1.18
Package
- Name
- golang-1.18
- Purl
- pkg:deb/ubuntu/golang-1.18?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.20
Package
- Name
- golang-1.20
- Purl
- pkg:deb/ubuntu/golang-1.20?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.21
Package
- Name
- golang-1.21
- Purl
- pkg:deb/ubuntu/golang-1.21?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.22
Package
- Name
- golang-1.22
- Purl
- pkg:deb/ubuntu/golang-1.22?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS
golang-1.17
Package
- Name
- golang-1.17
- Purl
- pkg:deb/ubuntu/golang-1.17?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.17-1ubuntu2
1.17.3-1ubuntu1
1.17.3-1ubuntu2
1.17.13-3ubuntu1
1.17.13-3ubuntu1.2
1.17.13-3ubuntu1.3
golang-1.18
Package
- Name
- golang-1.18
- Purl
- pkg:deb/ubuntu/golang-1.18?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.18~beta1-0ubuntu1
1.18~beta2-1ubuntu1
1.18~beta2-1ubuntu2
1.18~rc1-1ubuntu1
1.18-1ubuntu1
1.18.1-1ubuntu1
1.18.1-1ubuntu1.1
1.18.1-1ubuntu1.2
golang-1.20
Package
- Name
- golang-1.20
- Purl
- pkg:deb/ubuntu/golang-1.20?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.21
Package
- Name
- golang-1.21
- Purl
- pkg:deb/ubuntu/golang-1.21?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.22
Package
- Name
- golang-1.22
- Purl
- pkg:deb/ubuntu/golang-1.22?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.23
Package
- Name
- golang-1.23
- Purl
- pkg:deb/ubuntu/golang-1.23?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.24
Package
- Name
- golang-1.24
- Purl
- pkg:deb/ubuntu/golang-1.24?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS
golang-1.21
Package
- Name
- golang-1.21
- Purl
- pkg:deb/ubuntu/golang-1.21?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.21.1-1
1.21.3-1
1.21.4-1
1.21.5-1
1.21.6-1
1.21.7-1
1.21.7-2
1.21.8-1
1.21.8-1build1
1.21.9-1
1.21.9-1ubuntu0.1
golang-1.22
Package
- Name
- golang-1.22
- Purl
- pkg:deb/ubuntu/golang-1.22?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.22~rc1-2
1.22.0-1
1.22.0-2
1.22.1-1
1.22.1-1build1
1.22.2-2
1.22.2-2ubuntu0.1
1.22.2-2ubuntu0.2
1.22.2-2ubuntu0.3
1.22.2-2ubuntu0.4
golang-1.23
Package
- Name
- golang-1.23
- Purl
- pkg:deb/ubuntu/golang-1.23?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.24
Package
- Name
- golang-1.24
- Purl
- pkg:deb/ubuntu/golang-1.24?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
golang-1.23
Package
- Name
- golang-1.23
- Purl
- pkg:deb/ubuntu/golang-1.23?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.24
Package
- Name
- golang-1.24
- Purl
- pkg:deb/ubuntu/golang-1.24?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.25
Package
- Name
- golang-1.25
- Purl
- pkg:deb/ubuntu/golang-1.25?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:26.04:LTS
golang-1.23
Package
- Name
- golang-1.23
- Purl
- pkg:deb/ubuntu/golang-1.23?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.24
Package
- Name
- golang-1.24
- Purl
- pkg:deb/ubuntu/golang-1.24?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.25
Package
- Name
- golang-1.25
- Purl
- pkg:deb/ubuntu/golang-1.25?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.8-1ubuntu1~16.04.2
1.13.8-1ubuntu1~16.04.3
1.13.8-1ubuntu1~16.04.3+esm2
1.13.8-1ubuntu1~16.04.3+esm3
golang-1.18
Package
- Name
- golang-1.18
- Purl
- pkg:deb/ubuntu/golang-1.18?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.8-1ubuntu1~18.04.2
1.13.8-1ubuntu1~18.04.3
1.13.8-1ubuntu1~18.04.4
1.13.8-1ubuntu1~18.04.4+esm1
golang-1.16
Package
- Name
- golang-1.16
- Purl
- pkg:deb/ubuntu/golang-1.16?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-1.18
Package
- Name
- golang-1.18
- Purl
- pkg:deb/ubuntu/golang-1.18?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:20.04:LTS
golang-1.16
Package
- Name
- golang-1.16
- Purl
- pkg:deb/ubuntu/golang-1.16?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:22.04:LTS
golang-1.13
Package
- Name
- golang-1.13
- Purl
- pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.8-1ubuntu2
1.13.8-1ubuntu2.22.04.1
1.13.8-1ubuntu2.22.04.1+esm1
1.13.8-1ubuntu2.22.04.2