Denial-of-Service Flaws Disclosed in Golang Go and Go `sys` Components
German CERT advisories disclosed denial-of-service vulnerabilities affecting Golang Go and the Go sys component. The notices identify two separate issues, tracked as dCERT advisories 2025-2420 and 2026-1635, with both describing flaws that could allow an attacker to disrupt availability rather than achieve code execution or privilege escalation.
The advisories provide limited public detail, but the impact is clear: organizations using affected Go runtimes or the golang.org/x/sys package should review vendor guidance, identify exposed services and dependent applications, and prioritize updates or mitigations to reduce the risk of service interruption. The disclosures highlight continued availability risk in widely used Go software components that may be embedded across internal tools, cloud services, and third-party products.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes advisory 2026-1635 for Go sys denial-of-service vulnerability
dCERT published advisory 2026-1635 for a denial-of-service vulnerability affecting Golang Go (sys). The reference does not include further details on impact, exploitation, or fixes.
dCERT publishes advisory 2025-2420 for Go denial-of-service vulnerability
dCERT published advisory 2025-2420 بشأن a Golang Go vulnerability that could allow denial of service. No additional technical details or remediation information are provided in the reference.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Vulnerabilities Disclosed in Golang Go and Microsoft Azure Services
Germany's dCERT published advisories for multiple vulnerabilities affecting **Golang Go** and several **Microsoft Azure** services, including **Azure DevOps**, **Data Factory**, and **Cloud Shell**. The Go advisory states that multiple flaws could allow an unspecified attack, indicating potential security impact in applications or environments that rely on the language runtime and related components. A separate dCERT advisory reported multiple vulnerabilities in Microsoft's cloud platform components, expanding the scope of exposure to development, automation, and shell-access services in Azure. While technical details and exploit conditions were not provided in the advisories, the disclosures indicate that organizations using these technologies should review vendor guidance, identify affected deployments, and prioritize remediation once patches or mitigations are available.
May 8, 2026
Red Hat Enterprise Linux Flaws in pcs and go-jose Enable Denial of Service
dCERT issued advisories for two **Red Hat Enterprise Linux** components, warning that vulnerabilities in `pcs` and `go-jose` could be exploited to cause **denial-of-service** conditions. Advisory `2026-1092` covers the `pcs` package, while advisory `2026-1245` addresses `go-jose`, indicating that separate weaknesses in commonly deployed RHEL software may allow attackers to disrupt service availability. The notices provide limited public technical detail, but they identify both issues as affecting Red Hat Enterprise Linux environments and potentially impacting system stability or application availability. Organizations running RHEL systems that rely on clustering functionality through `pcs` or authentication and cryptographic operations through `go-jose` should review the relevant vendor advisories and apply available updates or mitigations to reduce exposure to service disruption.
Apr 27, 2026
Multiple Vulnerabilities Disclosed in systemd
dCERT published two advisories covering **multiple vulnerabilities in `systemd`**, the widely deployed Linux init system and service manager. The notices identify separate batches of flaws affecting `systemd`, indicating an ongoing stream of security issues in a core component used across many Linux distributions and enterprise environments. Because `systemd` is deeply integrated into system startup, service control, logging, and host management, vulnerabilities in the software can have broad operational and security impact depending on the affected component and deployment. Organizations using Linux systems with `systemd` should review the dCERT advisories **2026-0707** and **2026-0815**, determine exposure across their fleets, and prioritize vendor patches or mitigations as they become available.
Apr 13, 2026