pkg:Go/github.com/patrickhener/goshs/v2

All known vulnerabilities

• CRITICAL9.8CVE-2026-40884goshs has an empty-username SFTP password authentication bypass
  from 0, < 2.0.0
• HIGH8.8CVE-2026-40885goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access
  >= 2.0.0-beta.4, < 2.0.0-beta.6
• HIGH8.8CVE-2026-40876SFTP root escape via prefix-based path validation in goshs
  from 0, < 2.0.0
• HIGH8.1goshs has CSRF in state-changing GET routes enables authenticated file deletion and directory creation
  >= 2.0.0-beta.4, < 2.0.0-beta.6
• MEDIUM6.5goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
  from 0, < 2.0.2