Skip to main content

Golang Org X Tools Gopls

1 CVEs product

Monthly

CVE-2026-42503 HIGH PATCH This Week

Adjacent network code execution in gopls language server occurs when developers use debugging flags -listen or -port without explicit host specification. The Go language server (gopls) binds to all network interfaces (0.0.0.0) instead of localhost when these debugging flags are used, enabling unauthenticated remote code execution from adjacent network attackers. No public exploit identified at time of analysis, though the attack vector is straightforward for developers who enable network debugging in shared network environments like coffee shops or corporate LANs. EPSS data not available for this recent CVE.

Information Disclosure Golang Org X Tools Gopls
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Adjacent network code execution in gopls language server occurs when developers use debugging flags -listen or -port without explicit host specification. The Go language server (gopls) binds to all network interfaces (0.0.0.0) instead of localhost when these debugging flags are used, enabling unauthenticated remote code execution from adjacent network attackers. No public exploit identified at time of analysis, though the attack vector is straightforward for developers who enable network debugging in shared network environments like coffee shops or corporate LANs. EPSS data not available for this recent CVE.

Information Disclosure Golang Org X Tools Gopls
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy