Root has patched CVE-2026-44973 in the rootio-github.com/go-git/go-billy/v5 package for Root:Go. Multiple fixed versions available.
{ "distro": "gobinary", "source": "Root", "distro_version": "", "severity": "HIGH" }
[ "v5.6.0-root.io.1", "v5.6.0-root.io.3" ]
""
2.0
"https://api.root.io/external/osv/ROOT-APP-GOBINARY-CVE-2026-44973.json"
true
"v5.6.0-root.io.3"
[ "v5.6.0-aikido.3" ]
1.0
"v5.6.0-aikido.3"