CVE-2026-40188
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Vulnerability Description
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-1314
Source
NVD
Vendor
patrickhener
Product
goshs
Discussion (0)
Add Comment
No comments yet. Be the first!