—
GO-2026-5728
goshs has a file-based ACL authorization bypass in goshs state-changing routes in github.com/patrickhener/goshs
Details
goshs has a file-based ACL authorization bypass in goshs state-changing routes in github.com/patrickhener/goshs
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/patrickhener/goshs
Introduced in:
0 No fixed version published yet for github.com/patrickhener/goshs (go modules). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/patrickhener/goshs/security/advisories/GHSA-wvhv-qcqf-f3cx [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-40189 [ADVISORY]
- https://github.com/patrickhener/goshs/commit/f212c4f4a126556bab008f79758e21a839ef2c0f [FIX]
- https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.4 [WEB]