CVE-2026-44319: Go Fatal Log In Goroutine
$LOGGER.$FATAL(...) inside a goroutine calls os.Exit(1) after logging, which immediately terminates the entire process — even when the goroutine contains a defer/recover handler. This turns any transient error (e.g., an unreachable callback URI) into a process-level crash that cannot be caught by the caller. Replace with a non-fatal method such as Errorf or
greprules fetch cve-2026-44319-go-fatal-log-in-goroutine --engine opengrepDescription
$LOGGER.$FATAL(...) inside a goroutine calls os.Exit(1) after logging, which immediately terminates the entire process — even when the goroutine contains a defer/recover handler. This turns any transient error (e.g., an unreachable callback URI) into a process-level crash that cannot be caught by the caller. Replace with a non-fatal method such as Errorf or
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.