UBUNTU-CVE-2026-39825

Source
https://ubuntu.com/security/CVE-2026-39825
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-39825
Upstream
Published
2026-05-07T20:16:00Z
Modified
2026-07-08T22:45:17.685910734Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

References

Affected packages

Ubuntu:14.04:LTS
golang-1.10

Package

Name
golang-1.10
Purl
pkg:deb/ubuntu/golang-1.10?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.10.4-2ubuntu1~14.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.10",
            "binary_version": "1.10.4-2ubuntu1~14.04.1"
        },
        {
            "binary_name": "golang-1.10-go",
            "binary_version": "1.10.4-2ubuntu1~14.04.1"
        },
        {
            "binary_name": "golang-1.10-src",
            "binary_version": "1.10.4-2ubuntu1~14.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:16.04:LTS
golang-1.10

Package

Name
golang-1.10
Purl
pkg:deb/ubuntu/golang-1.10?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.10.4-2ubuntu1~16.04.1
1.10.4-2ubuntu1~16.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.10",
            "binary_version": "1.10.4-2ubuntu1~16.04.2"
        },
        {
            "binary_name": "golang-1.10-go",
            "binary_version": "1.10.4-2ubuntu1~16.04.2"
        },
        {
            "binary_name": "golang-1.10-src",
            "binary_version": "1.10.4-2ubuntu1~16.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.6

Package

Name
golang-1.6
Purl
pkg:deb/ubuntu/golang-1.6?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.6-0ubuntu1
1.6-0ubuntu2
1.6-0ubuntu3
1.6-0ubuntu4
1.6-0ubuntu5
1.6.1-0ubuntu1
1.6.2-0ubuntu5~16.04
1.6.2-0ubuntu5~16.04.2
1.6.2-0ubuntu5~16.04.3
1.6.2-0ubuntu5~16.04.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.6",
            "binary_version": "1.6.2-0ubuntu5~16.04.4"
        },
        {
            "binary_name": "golang-1.6-go",
            "binary_version": "1.6.2-0ubuntu5~16.04.4"
        },
        {
            "binary_name": "golang-1.6-src",
            "binary_version": "1.6.2-0ubuntu5~16.04.4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:18.04:LTS
golang-1.10

Package

Name
golang-1.10
Purl
pkg:deb/ubuntu/golang-1.10?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.10~rc1-1
1.10~rc1-1ubuntu1
1.10~rc1-2ubuntu1
1.10~rc2-1ubuntu1
1.10-1ubuntu1
1.10.1-1ubuntu2
1.10.4-2ubuntu1~18.04.1
1.10.4-2ubuntu1~18.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.10",
            "binary_version": "1.10.4-2ubuntu1~18.04.2"
        },
        {
            "binary_name": "golang-1.10-go",
            "binary_version": "1.10.4-2ubuntu1~18.04.2"
        },
        {
            "binary_name": "golang-1.10-src",
            "binary_version": "1.10.4-2ubuntu1~18.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.8

Package

Name
golang-1.8
Purl
pkg:deb/ubuntu/golang-1.8?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.8.3-2ubuntu1
1.8.3-2ubuntu1.18.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.8",
            "binary_version": "1.8.3-2ubuntu1.18.04.1"
        },
        {
            "binary_name": "golang-1.8-go",
            "binary_version": "1.8.3-2ubuntu1.18.04.1"
        },
        {
            "binary_name": "golang-1.8-go-shared-dev",
            "binary_version": "1.8.3-2ubuntu1.18.04.1"
        },
        {
            "binary_name": "golang-1.8-src",
            "binary_version": "1.8.3-2ubuntu1.18.04.1"
        },
        {
            "binary_name": "libgolang-1.8-std1",
            "binary_version": "1.8.3-2ubuntu1.18.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.9

Package

Name
golang-1.9
Purl
pkg:deb/ubuntu/golang-1.9?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.9.1-2ubuntu1
1.9.2-1ubuntu1
1.9.2-3ubuntu1
1.9.3-1ubuntu1
1.9.4-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.9",
            "binary_version": "1.9.4-1ubuntu1"
        },
        {
            "binary_name": "golang-1.9-go",
            "binary_version": "1.9.4-1ubuntu1"
        },
        {
            "binary_name": "golang-1.9-src",
            "binary_version": "1.9.4-1ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:20.04:LTS
golang-1.13

Package

Name
golang-1.13
Purl
pkg:deb/ubuntu/golang-1.13?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.13.1-1ubuntu1
1.13.3-1ubuntu1
1.13.4-1ubuntu1
1.13.5-1ubuntu1
1.13.6-1ubuntu1
1.13.6-2ubuntu1
1.13.7-1ubuntu1
1.13.8-1ubuntu1
1.13.8-1ubuntu1.1
1.13.8-1ubuntu1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.13",
            "binary_version": "1.13.8-1ubuntu1.2"
        },
        {
            "binary_name": "golang-1.13-go",
            "binary_version": "1.13.8-1ubuntu1.2"
        },
        {
            "binary_name": "golang-1.13-src",
            "binary_version": "1.13.8-1ubuntu1.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.14

Package

Name
golang-1.14
Purl
pkg:deb/ubuntu/golang-1.14?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.14~beta1-1
1.14~beta1-2
1.14~rc1-1
1.14-1
1.14.1-1
1.14.2-1
1.14.2-1ubuntu1
1.14.3-2ubuntu2~20.04.1
1.14.3-2ubuntu2~20.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.14",
            "binary_version": "1.14.3-2ubuntu2~20.04.2"
        },
        {
            "binary_name": "golang-1.14-go",
            "binary_version": "1.14.3-2ubuntu2~20.04.2"
        },
        {
            "binary_name": "golang-1.14-src",
            "binary_version": "1.14.3-2ubuntu2~20.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.18

Package

Name
golang-1.18
Purl
pkg:deb/ubuntu/golang-1.18?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.18.1-1ubuntu1~20.04.1
1.18.1-1ubuntu1~20.04.2
1.18.1-1ubuntu1~20.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.18",
            "binary_version": "1.18.1-1ubuntu1~20.04.3"
        },
        {
            "binary_name": "golang-1.18-go",
            "binary_version": "1.18.1-1ubuntu1~20.04.3"
        },
        {
            "binary_name": "golang-1.18-src",
            "binary_version": "1.18.1-1ubuntu1~20.04.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.20

Package

Name
golang-1.20
Purl
pkg:deb/ubuntu/golang-1.20?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.20.3-1ubuntu0.1~20.04
1.20.3-1ubuntu0.1~20.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.20",
            "binary_version": "1.20.3-1ubuntu0.1~20.04.1"
        },
        {
            "binary_name": "golang-1.20-go",
            "binary_version": "1.20.3-1ubuntu0.1~20.04.1"
        },
        {
            "binary_name": "golang-1.20-src",
            "binary_version": "1.20.3-1ubuntu0.1~20.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.21

Package

Name
golang-1.21
Purl
pkg:deb/ubuntu/golang-1.21?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.21.1-1~ubuntu20.04.1
1.21.1-1~ubuntu20.04.2
1.21.1-1~ubuntu20.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.21",
            "binary_version": "1.21.1-1~ubuntu20.04.3"
        },
        {
            "binary_name": "golang-1.21-go",
            "binary_version": "1.21.1-1~ubuntu20.04.3"
        },
        {
            "binary_name": "golang-1.21-src",
            "binary_version": "1.21.1-1~ubuntu20.04.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.22

Package

Name
golang-1.22
Purl
pkg:deb/ubuntu/golang-1.22?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.22.2-2~20.04.1
1.22.2-2~20.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.22",
            "binary_version": "1.22.2-2~20.04.2"
        },
        {
            "binary_name": "golang-1.22-go",
            "binary_version": "1.22.2-2~20.04.2"
        },
        {
            "binary_name": "golang-1.22-src",
            "binary_version": "1.22.2-2~20.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:22.04:LTS
golang-1.17

Package

Name
golang-1.17
Purl
pkg:deb/ubuntu/golang-1.17?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.17-1ubuntu2
1.17.3-1ubuntu1
1.17.3-1ubuntu2
1.17.13-3ubuntu1
1.17.13-3ubuntu1.2
1.17.13-3ubuntu1.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.17",
            "binary_version": "1.17.13-3ubuntu1.3"
        },
        {
            "binary_name": "golang-1.17-go",
            "binary_version": "1.17.13-3ubuntu1.3"
        },
        {
            "binary_name": "golang-1.17-src",
            "binary_version": "1.17.13-3ubuntu1.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.18

Package

Name
golang-1.18
Purl
pkg:deb/ubuntu/golang-1.18?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.18~beta1-0ubuntu1
1.18~beta2-1ubuntu1
1.18~beta2-1ubuntu2
1.18~rc1-1ubuntu1
1.18-1ubuntu1
1.18.1-1ubuntu1
1.18.1-1ubuntu1.1
1.18.1-1ubuntu1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.18",
            "binary_version": "1.18.1-1ubuntu1.2"
        },
        {
            "binary_name": "golang-1.18-go",
            "binary_version": "1.18.1-1ubuntu1.2"
        },
        {
            "binary_name": "golang-1.18-src",
            "binary_version": "1.18.1-1ubuntu1.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.20

Package

Name
golang-1.20
Purl
pkg:deb/ubuntu/golang-1.20?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.20.3-1ubuntu0.1~22.04
1.20.3-1ubuntu0.1~22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.20",
            "binary_version": "1.20.3-1ubuntu0.1~22.04.1"
        },
        {
            "binary_name": "golang-1.20-go",
            "binary_version": "1.20.3-1ubuntu0.1~22.04.1"
        },
        {
            "binary_name": "golang-1.20-src",
            "binary_version": "1.20.3-1ubuntu0.1~22.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.21

Package

Name
golang-1.21
Purl
pkg:deb/ubuntu/golang-1.21?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.21.1-1~ubuntu22.04.1
1.21.1-1~ubuntu22.04.2
1.21.1-1~ubuntu22.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.21",
            "binary_version": "1.21.1-1~ubuntu22.04.3"
        },
        {
            "binary_name": "golang-1.21-go",
            "binary_version": "1.21.1-1~ubuntu22.04.3"
        },
        {
            "binary_name": "golang-1.21-src",
            "binary_version": "1.21.1-1~ubuntu22.04.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.22

Package

Name
golang-1.22
Purl
pkg:deb/ubuntu/golang-1.22?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.22.2-2~22.04
1.22.2-2~22.04.1
1.22.2-2~22.04.2
1.22.2-2~22.04.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.22",
            "binary_version": "1.22.2-2~22.04.3"
        },
        {
            "binary_name": "golang-1.22-go",
            "binary_version": "1.22.2-2~22.04.3"
        },
        {
            "binary_name": "golang-1.22-src",
            "binary_version": "1.22.2-2~22.04.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.23

Package

Name
golang-1.23
Purl
pkg:deb/ubuntu/golang-1.23?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.23.1-1~22.04
1.23.1-1~22.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.23",
            "binary_version": "1.23.1-1~22.04.2"
        },
        {
            "binary_name": "golang-1.23-go",
            "binary_version": "1.23.1-1~22.04.2"
        },
        {
            "binary_name": "golang-1.23-src",
            "binary_version": "1.23.1-1~22.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.24

Package

Name
golang-1.24
Purl
pkg:deb/ubuntu/golang-1.24?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.24.4-1ubuntu1~22.04.1
1.24.4-1ubuntu1~22.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.24",
            "binary_version": "1.24.4-1ubuntu1~22.04.2"
        },
        {
            "binary_name": "golang-1.24-go",
            "binary_version": "1.24.4-1ubuntu1~22.04.2"
        },
        {
            "binary_name": "golang-1.24-src",
            "binary_version": "1.24.4-1ubuntu1~22.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:24.04:LTS
golang-1.21

Package

Name
golang-1.21
Purl
pkg:deb/ubuntu/golang-1.21?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.21.1-1
1.21.3-1
1.21.4-1
1.21.5-1
1.21.6-1
1.21.7-1
1.21.7-2
1.21.8-1
1.21.8-1build1
1.21.9-1
1.21.9-1ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.21",
            "binary_version": "1.21.9-1ubuntu0.1"
        },
        {
            "binary_name": "golang-1.21-go",
            "binary_version": "1.21.9-1ubuntu0.1"
        },
        {
            "binary_name": "golang-1.21-src",
            "binary_version": "1.21.9-1ubuntu0.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.22

Package

Name
golang-1.22
Purl
pkg:deb/ubuntu/golang-1.22?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.22~rc1-2
1.22.0-1
1.22.0-2
1.22.1-1
1.22.1-1build1
1.22.2-2
1.22.2-2ubuntu0.1
1.22.2-2ubuntu0.2
1.22.2-2ubuntu0.3
1.22.2-2ubuntu0.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.22",
            "binary_version": "1.22.2-2ubuntu0.4"
        },
        {
            "binary_name": "golang-1.22-go",
            "binary_version": "1.22.2-2ubuntu0.4"
        },
        {
            "binary_name": "golang-1.22-src",
            "binary_version": "1.22.2-2ubuntu0.4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.23

Package

Name
golang-1.23
Purl
pkg:deb/ubuntu/golang-1.23?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.23.1-1~24.04
1.23.1-1~24.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.23",
            "binary_version": "1.23.1-1~24.04.1"
        },
        {
            "binary_name": "golang-1.23-go",
            "binary_version": "1.23.1-1~24.04.1"
        },
        {
            "binary_name": "golang-1.23-src",
            "binary_version": "1.23.1-1~24.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.24

Package

Name
golang-1.24
Purl
pkg:deb/ubuntu/golang-1.24?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.24.4-1ubuntu1~24.04.1
1.24.4-1ubuntu1~24.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.24",
            "binary_version": "1.24.4-1ubuntu1~24.04.2"
        },
        {
            "binary_name": "golang-1.24-go",
            "binary_version": "1.24.4-1ubuntu1~24.04.2"
        },
        {
            "binary_name": "golang-1.24-src",
            "binary_version": "1.24.4-1ubuntu1~24.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:25.10
golang-1.23

Package

Name
golang-1.23
Purl
pkg:deb/ubuntu/golang-1.23?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.23.8-1
1.23.10-1
1.23.10-1ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.23",
            "binary_version": "1.23.10-1ubuntu0.2"
        },
        {
            "binary_name": "golang-1.23-go",
            "binary_version": "1.23.10-1ubuntu0.2"
        },
        {
            "binary_name": "golang-1.23-src",
            "binary_version": "1.23.10-1ubuntu0.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.24

Package

Name
golang-1.24
Purl
pkg:deb/ubuntu/golang-1.24?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.24.2-1
1.24.2-2
1.24.4-1
1.24.4-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.24",
            "binary_version": "1.24.4-1ubuntu1"
        },
        {
            "binary_name": "golang-1.24-go",
            "binary_version": "1.24.4-1ubuntu1"
        },
        {
            "binary_name": "golang-1.24-src",
            "binary_version": "1.24.4-1ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.25

Package

Name
golang-1.25
Purl
pkg:deb/ubuntu/golang-1.25?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.25.0-0ubuntu1
1.25.7-2~25.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.25",
            "binary_version": "1.25.7-2~25.10.1"
        },
        {
            "binary_name": "golang-1.25-go",
            "binary_version": "1.25.7-2~25.10.1"
        },
        {
            "binary_name": "golang-1.25-src",
            "binary_version": "1.25.7-2~25.10.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:26.04:LTS
golang-1.23

Package

Name
golang-1.23
Purl
pkg:deb/ubuntu/golang-1.23?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.23.10-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.23",
            "binary_version": "1.23.10-1"
        },
        {
            "binary_name": "golang-1.23-go",
            "binary_version": "1.23.10-1"
        },
        {
            "binary_name": "golang-1.23-src",
            "binary_version": "1.23.10-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.24

Package

Name
golang-1.24
Purl
pkg:deb/ubuntu/golang-1.24?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.24.4-1ubuntu1
1.24.9-1
1.24.13-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.24",
            "binary_version": "1.24.13-2"
        },
        {
            "binary_name": "golang-1.24-go",
            "binary_version": "1.24.13-2"
        },
        {
            "binary_name": "golang-1.24-src",
            "binary_version": "1.24.13-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.25

Package

Name
golang-1.25
Purl
pkg:deb/ubuntu/golang-1.25?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.25.0-0ubuntu1
1.25.7-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.25",
            "binary_version": "1.25.7-2"
        },
        {
            "binary_name": "golang-1.25-go",
            "binary_version": "1.25.7-2"
        },
        {
            "binary_name": "golang-1.25-src",
            "binary_version": "1.25.7-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:Pro:16.04:LTS
golang-1.13

Package

Name
golang-1.13
Purl
pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.13.8-1ubuntu1~16.04.2
1.13.8-1ubuntu1~16.04.3
1.13.8-1ubuntu1~16.04.3+esm2
1.13.8-1ubuntu1~16.04.3+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.13",
            "binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
        },
        {
            "binary_name": "golang-1.13-go",
            "binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
        },
        {
            "binary_name": "golang-1.13-src",
            "binary_version": "1.13.8-1ubuntu1~16.04.3+esm3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.18

Package

Name
golang-1.18
Purl
pkg:deb/ubuntu/golang-1.18?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.18.1-1ubuntu1~16.04.6
1.18.1-1ubuntu1~16.04.6+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.18",
            "binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
        },
        {
            "binary_name": "golang-1.18-go",
            "binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
        },
        {
            "binary_name": "golang-1.18-src",
            "binary_version": "1.18.1-1ubuntu1~16.04.6+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:Pro:18.04:LTS
golang-1.13

Package

Name
golang-1.13
Purl
pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.13.8-1ubuntu1~18.04.2
1.13.8-1ubuntu1~18.04.3
1.13.8-1ubuntu1~18.04.4
1.13.8-1ubuntu1~18.04.4+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.13",
            "binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
        },
        {
            "binary_name": "golang-1.13-go",
            "binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
        },
        {
            "binary_name": "golang-1.13-src",
            "binary_version": "1.13.8-1ubuntu1~18.04.4+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.16

Package

Name
golang-1.16
Purl
pkg:deb/ubuntu/golang-1.16?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.16.2-0ubuntu1~18.04.2
1.16.2-0ubuntu1~18.04.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.16",
            "binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
        },
        {
            "binary_name": "golang-1.16-go",
            "binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
        },
        {
            "binary_name": "golang-1.16-src",
            "binary_version": "1.16.2-0ubuntu1~18.04.2+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
golang-1.18

Package

Name
golang-1.18
Purl
pkg:deb/ubuntu/golang-1.18?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.18.1-1ubuntu1~18.04.3
1.18.1-1ubuntu1~18.04.4
1.18.1-1ubuntu1~18.04.4+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.18",
            "binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
        },
        {
            "binary_name": "golang-1.18-go",
            "binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
        },
        {
            "binary_name": "golang-1.18-src",
            "binary_version": "1.18.1-1ubuntu1~18.04.4+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:Pro:20.04:LTS
golang-1.16

Package

Name
golang-1.16
Purl
pkg:deb/ubuntu/golang-1.16?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.16.2-0ubuntu1~20.04
1.16.2-0ubuntu1~20.04.1
1.16.2-0ubuntu1~20.04.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.16",
            "binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
        },
        {
            "binary_name": "golang-1.16-go",
            "binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
        },
        {
            "binary_name": "golang-1.16-src",
            "binary_version": "1.16.2-0ubuntu1~20.04.1+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"
Ubuntu:Pro:22.04:LTS
golang-1.13

Package

Name
golang-1.13
Purl
pkg:deb/ubuntu/golang-1.13?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.13.8-1ubuntu2
1.13.8-1ubuntu2.22.04.1
1.13.8-1ubuntu2.22.04.1+esm1
1.13.8-1ubuntu2.22.04.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-1.13",
            "binary_version": "1.13.8-1ubuntu2.22.04.2"
        },
        {
            "binary_name": "golang-1.13-go",
            "binary_version": "1.13.8-1ubuntu2.22.04.2"
        },
        {
            "binary_name": "golang-1.13-src",
            "binary_version": "1.13.8-1ubuntu2.22.04.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39825.json"