← 戻る
CVE-2026-25679
high
CVSS 7.5
stdlib の脆弱性 (CVE-2026-25679)
概要
stdlib に 脆弱性 (CVE-2026-25679) が存在。不正な操作・情報露出のリスクがあります。対策: `1.25.8, 1.26.1` 以上に更新。
AI要約 snake-internal / snake-template-v1
対象製品という製品で、CVE-2026-25679 という番号がついた弱点 (脆弱性) が見つかりました。
重要度は「重要」(CVSSスコア 7.5/10)。これが悪用されると、データ漏洩や重要な機能の停止につながる可能性があります。
あなた自身の対応としては、使っている製品やソフトを最新版に更新するのがいちばんの対策です。心配なら、システム担当者や製品の公式サイトで「対象製品 CVE-2026-25679」を検索してください。
CVE-2026-25679 (対象製品)。重要度: 重要 / CVSSv3 7.5。分類: CWE-425。
対応方針:
1. ベンダー公式アドバイザリで影響バージョン・修正版を確認
2. 該当バージョンが本番で稼働中なら、メンテ計画 (緊急度はKEV/CVSSで判断)
3. パッチ未提供時は WAF ルール・該当機能の無効化等で暫定回避
4. ログ・SIEMで該当CVEのIOC/PoCシグネチャを監視
詳細PoCや修正コミットは、当ページの『参照URL』および MITRE / NVD を参照してください。
❓ 何が問題か
対象製品 の弱点 (CVE-2026-25679)。深刻なソフトウェア欠陥が見つかっています。
📍 影響範囲
対象製品 の対象バージョン (各ベンダーアドバイザリで確認)。本番環境で稼働中であれば直ちに影響範囲を確認してください。
🔥 重要度
重要度: 重要 (CVSS 7.5/10)。これが悪用されると、データ漏洩や重要な機能の停止につながる可能性があります。
🔧 修正方法
ベンダー公式アドバイザリで提示された修正版に更新してください。 (CWE-425 の典型的対策パターン)
🛡️ 暫定回避
修正版がまだ提供されていない場合は、影響機能の無効化・WAFルール・ネットワークACLでの遮断・該当バージョンの隔離を検討してください。
🔍 検知方法
バージョン情報の確認、SBOMでの依存関係スキャン、SIEMでの該当CVEに関するIOC・PoCシグネチャ監視を実施してください。
対応アクション (7段階)
SOC/SREチームが順番に実行すべき具体的なステップとコマンド例
-
1影響範囲の特定 identify
grep -r 'stdlib' . | grep -v node_modulesリポジトリと本番環境の依存ファイル (package-lock.json / requirements.txt / go.sum / Gemfile.lock 等) で `stdlib` を grep し、稼働しているサービス・バージョンを把握する。
-
6パッチ適用 patch
Upgrade stdlib to 1.25.8, 1.26.1ステージング環境で 1.25.8, 1.26.1 に上げて回帰テスト → 本番反映。回帰テストはアプリの主要ハッピーパスと、Step 3 で見つけた異常検知の続報チェックを含めること。
-
7事後検証 verify
Confirm patched version is live in productionパッチ適用後、ステージングで PoC または同等の悪用パターンを再現して脆弱性が閉じたことを確認。本番では Step 3 と同じログクエリでアラート再発が無いか継続監視。
影響パッケージ
Go
stdlib
[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.25.8"},{"introduced":"1.26.0-0"},{"fixed":"1.26.1"}]}]
参照URL
- web https://go.dev/cl/752180
- web https://go.dev/issue/77578
- web https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk
- web https://nvd.nist.gov/vuln/detail/CVE-2026-25679
- web https://pkg.go.dev/vuln/GO-2026-4601
- web https://access.redhat.com/errata/RHSA-2026:12030
- web https://access.redhat.com/errata/RHSA-2026:6949
- web https://access.redhat.com/errata/RHSA-2026:7005
- web https://access.redhat.com/errata/RHSA-2026:7009
- web https://access.redhat.com/errata/RHSA-2026:7011
- web https://access.redhat.com/errata/RHSA-2026:7259
- web https://access.redhat.com/errata/RHSA-2026:7291
- web https://access.redhat.com/errata/RHSA-2026:7315
- web https://access.redhat.com/errata/RHSA-2026:7328
- web https://access.redhat.com/errata/RHSA-2026:7385
- web https://access.redhat.com/errata/RHSA-2026:7665
- web https://access.redhat.com/errata/RHSA-2026:7669
- web https://access.redhat.com/errata/RHSA-2026:7674
- web https://access.redhat.com/errata/RHSA-2026:7833
- web https://access.redhat.com/errata/RHSA-2026:7834
- web https://access.redhat.com/errata/RHSA-2026:7876
- web https://access.redhat.com/errata/RHSA-2026:7877
- web https://access.redhat.com/errata/RHSA-2026:7878
- web https://access.redhat.com/errata/RHSA-2026:7879
- web https://access.redhat.com/errata/RHSA-2026:7883
- web https://access.redhat.com/errata/RHSA-2026:7992
- web https://access.redhat.com/errata/RHSA-2026:8151
- web https://access.redhat.com/errata/RHSA-2026:8167
- web https://access.redhat.com/errata/RHSA-2026:8314
- web https://access.redhat.com/errata/RHSA-2026:8322
- web https://access.redhat.com/errata/RHSA-2026:8324
- web https://access.redhat.com/errata/RHSA-2026:8337
- web https://access.redhat.com/errata/RHSA-2026:8338
- web https://access.redhat.com/errata/RHSA-2026:8433
- web https://access.redhat.com/errata/RHSA-2026:26527
- web https://access.redhat.com/errata/RHSA-2026:26541
- web https://access.redhat.com/errata/RHSA-2026:26568
- web https://access.redhat.com/errata/RHSA-2026:26585
- web https://access.redhat.com/errata/RHSA-2026:26636
- web https://access.redhat.com/errata/RHSA-2026:27076
- web https://access.redhat.com/errata/RHSA-2026:28047
- web https://access.redhat.com/errata/RHSA-2026:28441
- web https://access.redhat.com/errata/RHSA-2026:29035
- web https://access.redhat.com/errata/RHSA-2026:29195
- web https://access.redhat.com/errata/RHSA-2026:29455
- web https://access.redhat.com/errata/RHSA-2026:29702
- web https://access.redhat.com/errata/RHSA-2026:29703
- web https://access.redhat.com/errata/RHSA-2026:29854
- web https://access.redhat.com/errata/RHSA-2026:5110
- web https://access.redhat.com/errata/RHSA-2026:5549
- web https://access.redhat.com/errata/RHSA-2026:5941
- web https://access.redhat.com/errata/RHSA-2026:5942
- web https://access.redhat.com/errata/RHSA-2026:5943
- web https://access.redhat.com/errata/RHSA-2026:5944
- web https://access.redhat.com/errata/RHSA-2026:6341
- web https://access.redhat.com/errata/RHSA-2026:6344
- web https://access.redhat.com/errata/RHSA-2026:6382
- web https://access.redhat.com/errata/RHSA-2026:6383
- web https://access.redhat.com/errata/RHSA-2026:6388
- web https://access.redhat.com/errata/RHSA-2026:6564
- web https://access.redhat.com/errata/RHSA-2026:6720
- web https://access.redhat.com/errata/RHSA-2026:6802
- web https://access.redhat.com/errata/RHSA-2026:8434
- web https://access.redhat.com/errata/RHSA-2026:9044
- web https://access.redhat.com/errata/RHSA-2026:9052
- web https://access.redhat.com/errata/RHSA-2026:9090
- web https://access.redhat.com/errata/RHSA-2026:9093
- web https://access.redhat.com/errata/RHSA-2026:9094
- web https://access.redhat.com/errata/RHSA-2026:9097
- web https://access.redhat.com/errata/RHSA-2026:9098
- web https://access.redhat.com/errata/RHSA-2026:9108
- web https://access.redhat.com/errata/RHSA-2026:9109
- web https://access.redhat.com/errata/RHSA-2026:9385
- web https://access.redhat.com/errata/RHSA-2026:9434
- web https://access.redhat.com/errata/RHSA-2026:9435
- web https://access.redhat.com/errata/RHSA-2026:9436
- web https://access.redhat.com/errata/RHSA-2026:9439
- web https://access.redhat.com/errata/RHSA-2026:9440
- web https://access.redhat.com/errata/RHSA-2026:9448
- web https://access.redhat.com/errata/RHSA-2026:9453
- web https://access.redhat.com/errata/RHSA-2026:9461
- web https://access.redhat.com/errata/RHSA-2026:9695
- web https://access.redhat.com/errata/RHSA-2026:9742
- web https://access.redhat.com/errata/RHSA-2026:9872
- web https://access.redhat.com/security/cve/CVE-2026-25679
- web https://bugzilla.redhat.com/show_bug.cgi?id=2445356
- web https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json
- web https://access.redhat.com/errata/RHSA-2026:8456
- web https://access.redhat.com/errata/RHSA-2026:8483
- web https://access.redhat.com/errata/RHSA-2026:8484
- web https://access.redhat.com/errata/RHSA-2026:8490
- web https://access.redhat.com/errata/RHSA-2026:8491
- web https://access.redhat.com/errata/RHSA-2026:8493
- web https://access.redhat.com/errata/RHSA-2026:8840
- web https://access.redhat.com/errata/RHSA-2026:8841
- web https://access.redhat.com/errata/RHSA-2026:8842
- web https://access.redhat.com/errata/RHSA-2026:8845
- web https://access.redhat.com/errata/RHSA-2026:8847
- web https://access.redhat.com/errata/RHSA-2026:8848
- web https://access.redhat.com/errata/RHSA-2026:8849
- web https://access.redhat.com/errata/RHSA-2026:8851
- web https://access.redhat.com/errata/RHSA-2026:8852
- web https://access.redhat.com/errata/RHSA-2026:8853
- web https://access.redhat.com/errata/RHSA-2026:8855
- web https://access.redhat.com/errata/RHSA-2026:8856
- web https://access.redhat.com/errata/RHSA-2026:8860
- web https://access.redhat.com/errata/RHSA-2026:8877
- web https://access.redhat.com/errata/RHSA-2026:8878
- web https://access.redhat.com/errata/RHSA-2026:8879
- web https://access.redhat.com/errata/RHSA-2026:8881
- web https://access.redhat.com/errata/RHSA-2026:8882
- web https://access.redhat.com/errata/RHSA-2026:8930
- web https://access.redhat.com/errata/RHSA-2026:8931
- web https://access.redhat.com/errata/RHSA-2026:8949
- web https://access.redhat.com/errata/RHSA-2026:9043
- web https://access.redhat.com/errata/RHSA-2026:12031
- web https://access.redhat.com/errata/RHSA-2026:12032
- web https://access.redhat.com/errata/RHSA-2026:12033
- web https://access.redhat.com/errata/RHSA-2026:12282
- web https://access.redhat.com/errata/RHSA-2026:13508
- web https://access.redhat.com/errata/RHSA-2026:13512
- web https://access.redhat.com/errata/RHSA-2026:13545
- web https://access.redhat.com/errata/RHSA-2026:13642
- web https://access.redhat.com/errata/RHSA-2026:13643
- web https://access.redhat.com/errata/RHSA-2026:13671
- web https://access.redhat.com/errata/RHSA-2026:13791
- web https://access.redhat.com/errata/RHSA-2026:13829
- web https://access.redhat.com/errata/RHSA-2026:14020
- web https://access.redhat.com/errata/RHSA-2026:14100
- web https://access.redhat.com/errata/RHSA-2026:14774
- web https://access.redhat.com/errata/RHSA-2026:14868
- web https://access.redhat.com/errata/RHSA-2026:14879
- web https://access.redhat.com/errata/RHSA-2026:15091
- web https://access.redhat.com/errata/RHSA-2026:16102
- web https://access.redhat.com/errata/RHSA-2026:16696
- web https://access.redhat.com/errata/RHSA-2026:16874
- web https://access.redhat.com/errata/RHSA-2026:16875
- web https://access.redhat.com/errata/RHSA-2026:17040
- web https://access.redhat.com/errata/RHSA-2026:17084
- web https://access.redhat.com/errata/RHSA-2026:17287
- web https://access.redhat.com/errata/RHSA-2026:17598
- web https://access.redhat.com/errata/RHSA-2026:19017
- web https://access.redhat.com/errata/RHSA-2026:20584
- web https://access.redhat.com/errata/RHSA-2026:10065
- web https://access.redhat.com/errata/RHSA-2026:10125
- web https://access.redhat.com/errata/RHSA-2026:10133
- web https://access.redhat.com/errata/RHSA-2026:10140
- web https://access.redhat.com/errata/RHSA-2026:10141
- web https://access.redhat.com/errata/RHSA-2026:10158
- web https://access.redhat.com/errata/RHSA-2026:10169
- web https://access.redhat.com/errata/RHSA-2026:10175
- web https://access.redhat.com/errata/RHSA-2026:10184
- web https://access.redhat.com/errata/RHSA-2026:10225
- web https://access.redhat.com/errata/RHSA-2026:10250
- web https://access.redhat.com/errata/RHSA-2026:10701
- web https://access.redhat.com/errata/RHSA-2026:10712
- web https://access.redhat.com/errata/RHSA-2026:10929
- web https://access.redhat.com/errata/RHSA-2026:11217
- web https://access.redhat.com/errata/RHSA-2026:11375
- web https://access.redhat.com/errata/RHSA-2026:11412
- web https://access.redhat.com/errata/RHSA-2026:11413
- web https://access.redhat.com/errata/RHSA-2026:11686
- web https://access.redhat.com/errata/RHSA-2026:11688
- web https://access.redhat.com/errata/RHSA-2026:11747
- web https://access.redhat.com/errata/RHSA-2026:11749
- web https://access.redhat.com/errata/RHSA-2026:11768
- web https://access.redhat.com/errata/RHSA-2026:11800
- web https://access.redhat.com/errata/RHSA-2026:11856
- web https://access.redhat.com/errata/RHSA-2026:11916
- web https://access.redhat.com/errata/RHSA-2026:11996
- web https://access.redhat.com/errata/RHSA-2026:12028
- web https://access.redhat.com/errata/RHSA-2026:12029
- web https://access.redhat.com/errata/RHSA-2026:20889
- web https://access.redhat.com/errata/RHSA-2026:21017
- web https://access.redhat.com/errata/RHSA-2026:21655
- web https://access.redhat.com/errata/RHSA-2026:21657
- web https://access.redhat.com/errata/RHSA-2026:21691
- web https://access.redhat.com/errata/RHSA-2026:21696
- web https://access.redhat.com/errata/RHSA-2026:21769
- web https://access.redhat.com/errata/RHSA-2026:22347
- web https://access.redhat.com/errata/RHSA-2026:22423
- web https://access.redhat.com/errata/RHSA-2026:22450
- web https://access.redhat.com/errata/RHSA-2026:22627
- web https://access.redhat.com/errata/RHSA-2026:22714
- web https://access.redhat.com/errata/RHSA-2026:22733
- web https://access.redhat.com/errata/RHSA-2026:22862
- web https://access.redhat.com/errata/RHSA-2026:22937
- web https://access.redhat.com/errata/RHSA-2026:23228
- web https://access.redhat.com/errata/RHSA-2026:23345
- web https://access.redhat.com/errata/RHSA-2026:24386
- web https://access.redhat.com/errata/RHSA-2026:24853
- web https://access.redhat.com/errata/RHSA-2026:25043
- web https://access.redhat.com/errata/RHSA-2026:25127
- web https://access.redhat.com/errata/RHSA-2026:25180
- web https://access.redhat.com/errata/RHSA-2026:25248
- web https://access.redhat.com/errata/RHSA-2026:25250
- web https://access.redhat.com/errata/RHSA-2026:25251
- web https://access.redhat.com/errata/RHSA-2026:25252
- web https://access.redhat.com/errata/RHSA-2026:25253
- web https://access.redhat.com/errata/RHSA-2026:26445
- web https://access.redhat.com/errata/RHSA-2026:19022
- web https://access.redhat.com/errata/RHSA-2026:19026
- web https://access.redhat.com/errata/RHSA-2026:19027
- web https://access.redhat.com/errata/RHSA-2026:19031
- web https://access.redhat.com/errata/RHSA-2026:19032
- web https://access.redhat.com/errata/RHSA-2026:19049
- web https://access.redhat.com/errata/RHSA-2026:19055
- web https://access.redhat.com/errata/RHSA-2026:19126
- web https://access.redhat.com/errata/RHSA-2026:19128
- web https://access.redhat.com/errata/RHSA-2026:19132
- web https://access.redhat.com/errata/RHSA-2026:19133
- web https://access.redhat.com/errata/RHSA-2026:19135
- web https://access.redhat.com/errata/RHSA-2026:19181
- web https://access.redhat.com/errata/RHSA-2026:19184
- web https://access.redhat.com/errata/RHSA-2026:19185
- web https://access.redhat.com/errata/RHSA-2026:19207
- web https://access.redhat.com/errata/RHSA-2026:19350
- web https://access.redhat.com/errata/RHSA-2026:19353
- web https://access.redhat.com/errata/RHSA-2026:19375
- web https://access.redhat.com/errata/RHSA-2026:19475
- web https://access.redhat.com/errata/RHSA-2026:19634
- web https://access.redhat.com/errata/RHSA-2026:19719
- web https://access.redhat.com/errata/RHSA-2026:19720
- web https://access.redhat.com/errata/RHSA-2026:19721
- web https://access.redhat.com/errata/RHSA-2026:19750
- web https://access.redhat.com/errata/RHSA-2026:20041
- web https://access.redhat.com/errata/RHSA-2026:20088
- web https://access.redhat.com/errata/RHSA-2026:20581
- web https://access.redhat.com/errata/RHSA-2026:20582
- web https://github.com/advisories/GHSA-j3gx-2473-5fp8
- web https://access.redhat.com/errata/RHSA-2026:33722
- web https://access.redhat.com/errata/RHSA-2026:28886
- web https://access.redhat.com/errata/RHSA-2026:28893
- web https://access.redhat.com/errata/RHSA-2026:34365
- web https://access.redhat.com/errata/RHSA-2026:28961
- web https://access.redhat.com/errata/RHSA-2026:36317
- web https://access.redhat.com/errata/RHSA-2026:36319