Vulnerabilities

Report: CVE-2026-40188 - goshs is Missing Write Protection for Parametric Data Values - Analysis

2026-04-10 0 views admin

CVE ID :CVE-2026-40188 Published : April 10, 2026, 8:16 p.m. | 1 hour, 28 minutes ago Description :goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4. Severity: 7.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-40188

Severity

HIGH

Published

April 10, 2026

🏷️ Tags

report40188goshsmissingwriteprotectionparametricvaluesanalysiscve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-40188 - goshs is Missing Write Protection for Parametric Data Values - Analysis

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-30232 - Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs - 2025 Update

Report: - Password bypass when 2FA is activated CVE-2026-40177

Report: CVE-2026-40175 - Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain - Complete Guide

Report: Ultimate Guide: CVE-2026-40168 - Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting