diff --git a/.changelog/16788.txt b/.changelog/16788.txt
new file mode 100644
index 000000000..b9de48f06
--- /dev/null
+++ b/.changelog/16788.txt
@@ -0,0 +1,3 @@
+```release-note:security
+build: update to Go 1.20.3 to prevent denial of service attack via malicious HTTP headers [CVE-2023-24534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534)
+```
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 98615c6fb..e750ee790 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -450,7 +450,7 @@ executors:
   go:
     working_directory: /go/src/github.com/hashicorp/nomad
     docker:
-      - image: docker.mirror.hashicorp.services/golang:1.20.2
+      - image: docker.mirror.hashicorp.services/golang:1.20.3
     resource_class: medium
     environment:
       <<: *common_envs
@@ -463,7 +463,7 @@ executors:
       resource_class: large
     environment: &machine_env
       <<: *common_envs
-      GOLANG_VERSION: 1.20.2
+      GOLANG_VERSION: 1.20.3
 
   go-macos:
     working_directory: ~/go/src/github.com/hashicorp/nomad
@@ -472,7 +472,7 @@ executors:
     environment:
       <<: *common_envs
       GOPATH: /Users/distiller/go
-      GOLANG_VERSION: 1.20.2
+      GOLANG_VERSION: 1.20.3
 
   go-windows:
     machine:
@@ -484,7 +484,7 @@ executors:
       GOPATH: c:\gopath
       GOBIN: c:\gopath\bin
       GOTESTSUM_PATH: c:\tmp\test-reports
-      GOLANG_VERSION: 1.20.2
+      GOLANG_VERSION: 1.20.3
       GOTESTSUM_VERSION: 1.7.0
       VAULT_VERSION: 1.4.1
 
diff --git a/.go-version b/.go-version
index 769e37e15..f5b00dc26 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.20.2
+1.20.3
diff --git a/contributing/README.md b/contributing/README.md
index c7b6f90d5..7bed708fc 100644
--- a/contributing/README.md
+++ b/contributing/README.md
@@ -30,7 +30,7 @@ A development environment is supplied via Vagrant to make getting started easier
 
 Developing without Vagrant
 ---
-1. Install [Go 1.20.2+](https://golang.org/) *(Note: `gcc-go` is not supported)*
+1. Install [Go 1.20.3+](https://golang.org/) *(Note: `gcc-go` is not supported)*
 1. Clone this repo
    ```sh
    $ git clone https://github.com/hashicorp/nomad.git
diff --git a/scripts/release/mac-remote-build b/scripts/release/mac-remote-build
index 8403becfd..566f9ad67 100755
--- a/scripts/release/mac-remote-build
+++ b/scripts/release/mac-remote-build
@@ -56,7 +56,7 @@ REPO_PATH="${TMP_WORKSPACE}/gopath/src/github.com/hashicorp/nomad"
 mkdir -p "${TMP_WORKSPACE}/tmp"
 
 install_go() {
-  local go_version="1.20.2"
+  local go_version="1.20.3"
   local download=
 
   download="https://storage.googleapis.com/golang/go${go_version}.darwin-amd64.tar.gz"