Red Hat Product Errata RHSA-2026:19022 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19022 - Security Advisory Overview Updated Packages Synopsis Important: golang security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The golang packages provide the Go programming language compiler. Security Fix(es): crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509 BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url RHEL-169927 - Update Go to version 1.26.2+2 [rhel-10.2.z] CVEs CVE-2026-25679 CVE-2026-27137 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 x86_64 go-toolset-1.26.2-2.el10_2.x86_64.rpm SHA-256: 2912ff13a94b8bdb08f9144c46a5c77dc7a5497c56ef7ee4b3c396133ffb50dc golang-1.26.2-2.el10_2.x86_64.rpm SHA-256: 129307eb22af2f1764f9d1e7c1e8d8b9bcf9b663100801196828e2ca1bef5113 golang-bin-1.26.2-2.el10_2.x86_64.rpm SHA-256: 31ae20eab0ef62526d4d1175a750e95237401e9f78f34da942fdf8e881297fcf golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.x86_64.rpm SHA-256: bc7c639258b23960bd1b81527f06d6905f0fd347938eb8c6a75a24e21b16df76 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 x86_64 go-toolset-1.26.2-2.el10_2.x86_64.rpm SHA-256: 2912ff13a94b8bdb08f9144c46a5c77dc7a5497c56ef7ee4b3c396133ffb50dc golang-1.26.2-2.el10_2.x86_64.rpm SHA-256: 129307eb22af2f1764f9d1e7c1e8d8b9bcf9b663100801196828e2ca1bef5113 golang-bin-1.26.2-2.el10_2.x86_64.rpm SHA-256: 31ae20eab0ef62526d4d1175a750e95237401e9f78f34da942fdf8e881297fcf golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.x86_64.rpm SHA-256: bc7c639258b23960bd1b81527f06d6905f0fd347938eb8c6a75a24e21b16df76 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for IBM z Systems 10 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 s390x go-toolset-1.26.2-2.el10_2.s390x.rpm SHA-256: 226c9f73a73e4e90410e1db5b226ace0d629c45162a52df9bd7efe71e68588f8 golang-1.26.2-2.el10_2.s390x.rpm SHA-256: add7a27baf0c716943e1ae94171e0ddd6c410c97e98cffac6b7c152da40e93e7 golang-bin-1.26.2-2.el10_2.s390x.rpm SHA-256: 0fb91d477efef33222daf6b5df660b9f494de6ea2c4deb4c0bb89cc9fc202e38 golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.s390x.rpm SHA-256: a8fabf77ad6fc171a11bf41ab84b79c7b76cfb79868e48f3bc4f91bca6d23006 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 s390x go-toolset-1.26.2-2.el10_2.s390x.rpm SHA-256: 226c9f73a73e4e90410e1db5b226ace0d629c45162a52df9bd7efe71e68588f8 golang-1.26.2-2.el10_2.s390x.rpm SHA-256: add7a27baf0c716943e1ae94171e0ddd6c410c97e98cffac6b7c152da40e93e7 golang-bin-1.26.2-2.el10_2.s390x.rpm SHA-256: 0fb91d477efef33222daf6b5df660b9f494de6ea2c4deb4c0bb89cc9fc202e38 golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.s390x.rpm SHA-256: a8fabf77ad6fc171a11bf41ab84b79c7b76cfb79868e48f3bc4f91bca6d23006 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for Power, little endian 10 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 ppc64le go-toolset-1.26.2-2.el10_2.ppc64le.rpm SHA-256: c175fa866f0b77cc4056b3eef985cba918da33c5e8a75ddd66f821d310daa374 golang-1.26.2-2.el10_2.ppc64le.rpm SHA-256: 681c1dbeff23e73ba2a597eb568c9a29ae3c56a006c0aeb1f7b94c1f76e1ae84 golang-bin-1.26.2-2.el10_2.ppc64le.rpm SHA-256: 5fd3741f8dc17cb69118e7f15c61c64001580279193961b329f07172509d1975 golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.ppc64le.rpm SHA-256: a9dee15f573ce08db92cf8149035349d52fc5c3cf6e42234d01f1133a95e3b24 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 ppc64le go-toolset-1.26.2-2.el10_2.ppc64le.rpm SHA-256: c175fa866f0b77cc4056b3eef985cba918da33c5e8a75ddd66f821d310daa374 golang-1.26.2-2.el10_2.ppc64le.rpm SHA-256: 681c1dbeff23e73ba2a597eb568c9a29ae3c56a006c0aeb1f7b94c1f76e1ae84 golang-bin-1.26.2-2.el10_2.ppc64le.rpm SHA-256: 5fd3741f8dc17cb69118e7f15c61c64001580279193961b329f07172509d1975 golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el10_2.noarch.rpm SHA-256: af35e6172c4b5a037949a84071b17d6c3a5670bed2ea3f6e7c4348ae858aae10 golang-race-1.26.2-2.el10_2.ppc64le.rpm SHA-256: a9dee15f573ce08db92cf8149035349d52fc5c3cf6e42234d01f1133a95e3b24 golang-src-1.26.2-2.el10_2.noarch.rpm SHA-256: 4b4aa239f799ff55195501fbcd801478f97c80915595298ef27cf98aa0ab8604 golang-tests-1.26.2-2.el10_2.noarch.rpm SHA-256: 5a2c22a44aa6382dd569a5a07302ddbe0501eea24bca286af891c634b3dac739 Red Hat Enterprise Linux for ARM 64 10 SRPM golang-1.26.2-2.el10_2.src.rpm SHA-256: d2eec90d134527019cd871ba1a4efb7fe58e5d24a05e094de267c5212a504273 aarch64 go-toolset-1.26.2-2.el10_2.aarch64.rpm SHA-256: a8af2cd30cb1cc056c3dc50a81521a8c86fe3b2b1acb7c412576386fe109dcb6 golang-1.26.2-2.el10_2.aarch64.rpm SHA-256: c8249fecb78851d6f358bd626fb850b35821a06566bca590ec5914f603013501 golang-bin-1.26.2-2.el10_2.aarch64.rpm SHA-256: 526e1932b60c8deeb8a065daee832db263f31b1bf31425f78a5d59505840be9c golang-docs-1.26.2-2.el10_2.noarch.rpm SHA-256: 1d4f956ded31c77593d3c539148fa28cd99c42ca5c4da1e568c61bce86bf6974 golang-misc-1.26.2-2.el1