Red Hat Product Errata RHSA-2026:16497 - Security Advisory Issued: 2026-05-12 Updated: 2026-05-12 RHSA-2026:16497 - Security Advisory Overview Updated Packages Synopsis Important: golang security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for golang is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The golang packages provide the Go programming language compiler. Security Fix(es): cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names (CVE-2026-27140) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2456341 - CVE-2026-27140 cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names CVEs CVE-2026-27140 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf x86_64 go-toolset-1.21.13-16.el9_4.x86_64.rpm SHA-256: 2fd5e780175ee460775eb00cdc1e80fa14db582b855f4fa2f11009133c306754 golang-1.21.13-16.el9_4.x86_64.rpm SHA-256: 9b44af3d79f2ca40793d061992a62ab539023c42c10a651e01e0fecb13f4ed1d golang-bin-1.21.13-16.el9_4.x86_64.rpm SHA-256: c764107a97212b65c005516f681e64e157d51638c18766027685b45f433296d3 golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux Server - AUS 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf x86_64 go-toolset-1.21.13-16.el9_4.x86_64.rpm SHA-256: 2fd5e780175ee460775eb00cdc1e80fa14db582b855f4fa2f11009133c306754 golang-1.21.13-16.el9_4.x86_64.rpm SHA-256: 9b44af3d79f2ca40793d061992a62ab539023c42c10a651e01e0fecb13f4ed1d golang-bin-1.21.13-16.el9_4.x86_64.rpm SHA-256: c764107a97212b65c005516f681e64e157d51638c18766027685b45f433296d3 golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf s390x go-toolset-1.21.13-16.el9_4.s390x.rpm SHA-256: eae45b3f5685f341d963924b55e68034280ff11ae18dd5f45937afbbf44c22ec golang-1.21.13-16.el9_4.s390x.rpm SHA-256: 199481d22f1d85d77b62956c4abc5a60364d0212bfdc423b9597bd4a101ec81c golang-bin-1.21.13-16.el9_4.s390x.rpm SHA-256: d9187dbd04fab4b8b7e304d7a49980865514c41e003512c2941fe861a9d7863c golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf ppc64le go-toolset-1.21.13-16.el9_4.ppc64le.rpm SHA-256: 26f864a783ed571e76ac40046d91d4c95f1c1138b8ebe7275262db725101634a golang-1.21.13-16.el9_4.ppc64le.rpm SHA-256: 1f90623163265f6fe4725fdfe2beac61b4affe20671f1fb1240219640e6146c2 golang-bin-1.21.13-16.el9_4.ppc64le.rpm SHA-256: c09f45c22d0093607a13dcf12131e434110e0ae7d1078a0978f2c2bf04ed5561 golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf aarch64 go-toolset-1.21.13-16.el9_4.aarch64.rpm SHA-256: 2127b330b6e242cb05bddb41eff379a67c5b4073c3329c411bada807626dd33a golang-1.21.13-16.el9_4.aarch64.rpm SHA-256: 9b957a73454d6c59d7a6521ca86311bcb2f0f8eb030fa8304fe3725f5d87c06c golang-bin-1.21.13-16.el9_4.aarch64.rpm SHA-256: c0592f011058bf13de7fe8ff11fd2d8524dc44eadf73f5de1001f6ec8009df4a golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf ppc64le go-toolset-1.21.13-16.el9_4.ppc64le.rpm SHA-256: 26f864a783ed571e76ac40046d91d4c95f1c1138b8ebe7275262db725101634a golang-1.21.13-16.el9_4.ppc64le.rpm SHA-256: 1f90623163265f6fe4725fdfe2beac61b4affe20671f1fb1240219640e6146c2 golang-bin-1.21.13-16.el9_4.ppc64le.rpm SHA-256: c09f45c22d0093607a13dcf12131e434110e0ae7d1078a0978f2c2bf04ed5561 golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf x86_64 go-toolset-1.21.13-16.el9_4.x86_64.rpm SHA-256: 2fd5e780175ee460775eb00cdc1e80fa14db582b855f4fa2f11009133c306754 golang-1.21.13-16.el9_4.x86_64.rpm SHA-256: 9b44af3d79f2ca40793d061992a62ab539023c42c10a651e01e0fecb13f4ed1d golang-bin-1.21.13-16.el9_4.x86_64.rpm SHA-256: c764107a97212b65c005516f681e64e157d51638c18766027685b45f433296d3 golang-docs-1.21.13-16.el9_4.noarch.rpm SHA-256: 0bffec6fae6a6b1ff84ad9683753522c459624fef2471fd9398ebebac1e92812 golang-misc-1.21.13-16.el9_4.noarch.rpm SHA-256: bdc531c206dade14a53fb8d95d91e811a551968c899d61569b6e52df1bb4a167 golang-src-1.21.13-16.el9_4.noarch.rpm SHA-256: 60e0a2b6a3001be9f4c45438e980d765bf0d2ab55c1f5bb210c3e96fd5309b3b golang-tests-1.21.13-16.el9_4.noarch.rpm SHA-256: 15ae182eec30a35c60a637c949137aefbc1ae5d2c06dfca19f92f13386440d47 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM golang-1.21.13-16.el9_4.src.rpm SHA-256: 67931076c9c525b23acec686d7fdae1c557695c4a34602bf77fd8ef7f3feddbf aarch64 go-toolset-1.21.13-16.el9_4.aarch64.rpm SHA-256: 2127b330b6e242cb05bddb41eff379a67c5b4073c3329c411bada807626dd33a golang-1.21.13-16.el9_4.aarch64.rpm SHA-256: 9b957a73454d6c59d7a6521ca86311bcb2f0f8eb030fa8304fe3725f5d87c06c golang-bin-1.21.13-16.el9_4.aarch64.rpm SHA-256: c0592f011058bf13de7fe8ff11fd2d8524dc44eadf73f5de1001f6ec8009df4a golang-