From f3d2e479bdd41f2881f14b286a6a8bc484be61fe Mon Sep 17 00:00:00 2001
From: Travis Bischel <travis.bischel+github@gmail.com>
Date: Sun, 10 May 2026 15:38:37 -0600
Subject: [PATCH] Bump Go toolchain to 1.26.3 to address Snyk findings

Fixes HIGH severity stdlib vulnerabilities:
- CVE-2026-33811 Double Free in std/net (GO-2026-4981)
- CVE-2026-39836 Uncaught Exception in std/net (GO-2026-4971)
- CVE-2026-33814 Infinite loop in std/net/http (GO-2026-4918)
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 95e4f25d2..e482360f7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/redpanda-data/benthos/v4
 
-go 1.26.1
+go 1.26.3
 
 require (
 	cuelang.org/go v0.16.1