CVE-2026-34581 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited se…
High CVSS: 8.1

CVE-2026-34581

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2.
Vendor
-
Product
-
CWE
CWE-288
Yayın Tarihi
2026-04-02 19:21:32
Güncelleme
2026-04-03 16:10:23
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-288 HIGH 2026

Referanslar

https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216 https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2 https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g