TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x Agent & Endpoint Basecamp for Multiple Go Vulnerabilities

Product / Version includes:

Deep Security 20.0

Last updated: 2026/05/26

Solution ID: KA-0023520

Category:

Summary

This article serves as an official communication from TrendAI regarding the technical impact of the following vulnerability as it relates to Server and Workload Protection (SWP) and Deep Security 20.x Agent, as well as TrendAI Endpoint Basecamp for multiple Go standard library vulnerabilities.

Technical Analysis by CVE

1. CVE-2026-25679: Go Invalid URL Parsing

CVSSv3.1: 7.5 (High Severity)
Deep Security/SWP: N/A (does not use impacted library)
Endpoint Basecamp: As of May 20, 2026, the Endpoint Basecamp has been updated to Go version 1.26.2 which covers this vulnerability.

2. CVE-2026-32280: Go Certificate Chain DoS

CVSSv3.1: Not Yet Assigned
Deep Security/SWP: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that SWP/Deep Security Agent is not affected or impacted by this vulnerability. However, the Go libraries that are in use are scheduled to be updated in the Deep Security Agent (DSA) June 2026 regular release.
Endpoint Basecamp: As of May 20, 2026, the Endpoint Basecamp has been updated to Go version 1.26.2 which covers this vulnerability.

3. CVE-2026-32281: Go Policy Mapping Chain Validation DoS

CVSSv3.1: Not Yet Assigned
Deep Security/SWP: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that SWP/Deep Security Agent is not affected or impacted by this vulnerability. However, the Go libraries that are in use are scheduled to be updated in the Deep Security Agent (DSA) June 2026 regular release.
Endpoint Basecamp: As of May 20, 2026, the Endpoint Basecamp has been updated to Go version 1.26.2 which covers this vulnerability.

4. CVE-2026-32283: Go TLS 1.3 Key Update Deadlock DoS

CVSSv3.1: Not Yet Assigned
Deep Security/SWP: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that SWP/Deep Security Agent is not affected or impacted by this vulnerability. However, the Go libraries that are in use are scheduled to be updated in the Deep Security Agent (DSA) June 2026 regular release.
Endpoint Basecamp: As of May 20, 2026, the Endpoint Basecamp has been updated to Go version 1.26.2 which covers this vulnerability.

5. CVE-2026-33810: Go Wildcard DNS Constraint Bypass

CVSSv3.1: Not Yet Assigned
Deep Security/SWP: Based on the analysis of the vulnerability by the TrendAI development team, it has been confirmed that SWP/Deep Security Agent is not affected or impacted by this vulnerability. However, the Go libraries that are in use are scheduled to be updated in the Deep Security Agent (DSA) June 2026 regular release.
Endpoint Basecamp: N/A (does not use impacted component)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x Agent & Endpoint Basecamp for Multiple Go Vulnerabilities

Technical Analysis by CVE

TECHNICAL IMPACT STATEMENT: SWP/Deep Security 20.x Agent & Endpoint Basecamp for Multiple Go Vulnerabilities

Product / Version includes:

Summary

Technical Analysis by CVE