1. Golang Tool Pack Archive Extraction Flaw Exposes Systems to Arbitrary File Write; CVE-2026-39817 Tracked
A critical path traversal vulnerability in Go's internal archive utility tool allows malicious archives to write files to arbitrary filesystem locations. The flaw, tracked as CVE-2026-39817 and now publicly disclosed, affects the `go tool pack` subcommand—a stripped-down archive handler used primarily as an internal co...