CVE-2025-68121 vulnerability detected in go/stdlib

[santhoshratala]

Summary

A security scan via AWS Inspector has identified a vulnerability (CVE-2025-68121) within the Go standard library used by the vault-lambda-extension.

Details

• Component: go/stdlib
• Required Fix Version: 1.26.0-rc.3 (or latest stable)
• Affected Path: extensions/vault-lambda-extension

Requested Action

Please update the Go toolchain and re-release the extension to resolve this security finding.

[santhoshratala]

I noticed there is an existing PR (#184) to bump the Go version to 1.25.7. Given this new finding, could we further update the Go version to 1.26.0-rc.3 (or the latest stable release) in that same PR to address CVE-2025-68121?

[santhoshratala]

Fixed by making use of arn:aws:lambda:ap-southeast-1:634166935893:layer:vault-lambda-extension:26