Multiple CVEs Identified for Code Injection and Execution via Go Command
First seen 18 Feb 2026, 15:24 UTC
•
•82% similarity
•53
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Two vulnerabilities have been reported related to the Go programming language's command line tool. CVE-2023-29402, published on June 8, 2023, involves code injection via the 'go' command with cgo, while CVE-2020-28367, published on November 18, 2020, allows for arbitrary code execution in a similar context. Both vulnerabilities affect users of the Go toolchain utilizing cgo.
ThreatCluster AI
Timeline
2020-11-18
CVE-2020-28367 published
2023-06-08
CVE-2023-29402 published
2026-02-18
Both vulnerabilities reported in articles