CVE-2026-39822
CVE Details
Visit the official vulnerability details page for CVE-2026-39822 to learn more.
Initial Publication
07/08/2026
Last Update
07/08/2026
Third Party Dependency
go
NIST CVE Summary
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Received
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 1.1.6 | ⚠️ Impacted | ⚠️ Impacted |
| 1.0.7 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.