ThreatCluster

Multiple CVEs Identified for Code Injection and Execution via Go Command

First seen 18 Feb 2026, 15:24 UTC Api.Msrc.Microsoft 82% similarity 53

Article Content

Browse articles
ThreatCluster

Two vulnerabilities have been reported related to the Go programming language's command line tool. CVE-2023-29402, published on June 8, 2023, involves code injection via the 'go' command with cgo, while CVE-2020-28367, published on November 18, 2020, allows for arbitrary code execution in a similar context. Both vulnerabilities affect users of the Go toolchain utilizing cgo.

ThreatCluster AI

Timeline

2020-11-18
CVE-2020-28367 published
2023-06-08
CVE-2023-29402 published
2026-02-18
Both vulnerabilities reported in articles

Community

Browse all →