CVE-2026-25934 – go-git improperly verifies data integrity values for .idx and .pack files

CVE ID : CVE-2026-25934

Published : Feb. 9, 2026, 11:16 p.m. | 1 hour, 5 minutes ago

Description : go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25934 – go-git improperly verifies data integrity values for .idx and .pack files

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-25931 – vscode-spell-checker has a workspace-trust bypass Code Execution

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-2258 – aardappel lobster wfc.h WaveFunctionCollapse memory corruption

CVE-2025-15147 – WCFM Membership – WooCommerce Memberships for Multivendor Marketplace

CVE-2026-0845 – WCFM – WooCommerce Frontend Manager

CVE-2026-25958 – Cube privilege escalation via a specially crafted request