LOW
golang.org/x/sys
CVE published 2026-05-22
CVE-2026-39824
CVE-2026-39824 describes an integer overflow vulnerability in the Go programming language's `NewNTUnicodeString` function. The function fails to validate that input string lengths fit within the maximum size of an NTUnicodeString structure (a 16-bit byte count). When provided with an oversized string, the function silently truncates the data rather than returning an error, which could lead to unexpected b [truncated]