CVE-2026-42503

Published: Mag 06, 2026 Last Modified: Mag 06, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0.
As a result, users might inadvertently cause gopls to bind 0.0.0.0.
This can allow a malicious party on the same network to execute code arbitrarily via gopls.

1327

Binding to an Unrestricted IP Address

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Amplification

Applicable Platforms

Languages: Other

Technologies: Client Server, Cloud Computing, Web Server

View CWE Details

https://go.dev/cl/774381

https://go.dev/issue/79211

CVE-2026-42503

Description

Binding to an Unrestricted IP Address

Common Consequences

Applicable Platforms

Iscriviti alla newsletter