PatchDay Alert


CVE-2026-42501

0 field notes · 1 digest · CVSS 7.5


Daily digests

A malicious Go module proxy can serve modules that bypass the checksum database verification in `cmd/go`. This means a compromised or rogue proxy could slip tampered code into your Go builds without the checksum mismatch being caught. If you build Go code in CI/CD pipelines or on dev machines that pull from untrusted proxies, you're at risk of supply chain compromise.
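One way to check whether a build host or CI job meets the exposure condition described above (pulling from a proxy you do not trust) is to compare the configured `GOPROXY` list against an allowlist. This is an added example, not code from the advisory or the Go project; `TRUSTED_PROXIES` and the function names are assumptions to adapt.

```shell
#!/bin/sh
# Assumption: the proxies your organisation operates or explicitly trusts,
# separated by spaces. Replace with your own list.
TRUSTED_PROXIES="https://proxy.golang.org"

# untrusted_proxies GOPROXY_VALUE
# Prints every proxy URL in the list that is not in TRUSTED_PROXIES.
# GOPROXY entries are separated by "," or "|"; "direct" and "off" are
# keywords, not proxies, so they are skipped.
untrusted_proxies() {
    printf '%s\n' "$1" | tr ',|' '\n\n' | while IFS= read -r entry; do
        entry=${entry%/}                      # ignore one trailing slash
        case "$entry" in
            ''|direct|off) continue ;;
        esac
        trusted=no
        for t in $TRUSTED_PROXIES; do
            if [ "$entry" = "${t%/}" ]; then trusted=yes; fi
        done
        if [ "$trusted" = no ]; then printf '%s\n' "$entry"; fi
    done
}

# check_goproxy GOPROXY_VALUE
# Returns 1 and names the offenders on stderr if any untrusted proxy is set.
check_goproxy() {
    bad=$(untrusted_proxies "$1")
    if [ -n "$bad" ]; then
        printf 'untrusted module proxy: %s\n' $bad >&2
        return 1
    fi
    return 0
}

# Constructed sample values. In a pipeline, gate the build with:
#   check_goproxy "$(go env GOPROXY)" || exit 1
for sample in \
    "https://proxy.golang.org,direct" \
    "https://mirror.example.test|https://proxy.golang.org,direct"
do
    if check_goproxy "$sample"; then
        echo "OK   $sample"
    else
        echo "FAIL $sample"
    fi
done
```

The check only narrows which proxies a build can reach; it does not repair the verification bypass in `cmd/go` itself.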
