diff --git a/.circleci/config.yml b/.circleci/config.yml
index 535f67229..5e6069895 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
   build:
     parallelism: 8
     docker:
-      - image: cimg/go:1.26.1
+      - image: cimg/go:1.26.2
     steps:
       - checkout
 
@@ -37,7 +37,7 @@ jobs:
 
   report:
     docker:
-      - image: cimg/go:1.26.1
+      - image: cimg/go:1.26.2
     steps:
       - checkout
       - attach_workspace:
diff --git a/Dockerfile b/Dockerfile
index 6fb34bf3c..fa7040160 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # golang alpine
-FROM golang:1.26.1-alpine AS builder
+FROM golang:1.26.2-alpine AS builder
 
 ARG TARGETARCH
 ARG TARGETOS
diff --git a/docs/pages/release_notes.rst b/docs/pages/release_notes.rst
index 2bf298250..d32807198 100644
--- a/docs/pages/release_notes.rst
+++ b/docs/pages/release_notes.rst
@@ -3,6 +3,16 @@
 Release notes
 #############
 
+*************************
+Hazelnut update (v5.4.30)
+*************************
+
+Release date: 2026-04-10
+
+- Upgrade Go to 1.26.2 to fix GO-2026-4865 (html/template XSS), GO-2026-4866 (crypto/x509 auth bypass), GO-2026-4869 (archive/tar DoS), GO-2026-4870 (crypto/tls DoS), GO-2026-4946 (crypto/x509 DoS)
+
+**Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v5.4.29...v5.4.30
+
 *************************
 Hazelnut update (v5.4.29)
 *************************
diff --git a/go.mod b/go.mod
index b17fa12f6..0c02fcbe6 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/nuts-foundation/nuts-node
 
 // This is the minimal version, the actual go version is determined by the images in the Dockerfile
 // This version is used in automated tests such as the 'Scheduled govulncheck' action
-go 1.26.1
+go 1.26.2
 
 require (
 	github.com/alicebob/miniredis/v2 v2.34.0