Back to CVE List

CVE-2026-40188

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Vulnerability Description

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-1314
Source
NVD
Vendor
patrickhener
Product
goshs

External References

Discussion (0)

Add Comment

No comments yet. Be the first!