{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34581/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-34581","authentication-bypass","code-execution"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-34581 affects goshs, a SimpleHTTPServer written in Go. Versions 1.1.0 to before 2.0.0-beta.2 are susceptible to an authentication bypass vulnerability. When a user attempts to access the server with a Share Token, it is possible to bypass the intended file download restriction, gaining access to all goshs functionalities. This includes the ability to execute arbitrary code on the server. The vulnerability was patched in version 2.0.0-beta.2. This vulnerability allows unauthenticated attackers to potentially gain full control of the server hosting goshs. Organizations using affected versions of goshs should upgrade immediately.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a server running a vulnerable version of goshs (1.1.0 to before 2.0.0-beta.2).\u003c/li\u003e\n\u003cli\u003eAttacker requests a resource that should be protected by the Share Token.\u003c/li\u003e\n\u003cli\u003eThe server prompts for the Share Token.\u003c/li\u003e\n\u003cli\u003eAttacker exploits the authentication bypass vulnerability by manipulating the request (details not specified in source).\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation grants the attacker access to all goshs functionalities, bypassing the intended file download restriction.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the unrestricted access to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eAttacker gains a shell or other form of remote access to the compromised server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34581 allows an unauthenticated attacker to execute arbitrary code on the server. This can lead to complete system compromise, data theft, or denial of service. The impact is significant for organizations using vulnerable versions of goshs to serve sensitive files or applications. The report does not mention the number of victims, but the severity is high given the potential for code execution.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade goshs to version 2.0.0-beta.2 or later to patch CVE-2026-34581 (reference: \u003ca href=\"https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2\"\u003ehttps://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Goshs Code Execution via Auth Bypass\u003c/code\u003e to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity related to goshs, specifically requests that might be attempting to bypass authentication.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T19:21:32Z","date_published":"2026-04-02T19:21:32Z","id":"/briefs/2026-04-goshs-auth-bypass/","summary":"goshs versions 1.1.0 to before 2.0.0-beta.2 are vulnerable to authentication bypass via Share Token, potentially allowing code execution (CVE-2026-34581).","title":"goshs Authentication Bypass Vulnerability (CVE-2026-34581)","url":"https://feed.craftedsignal.io/briefs/2026-04-goshs-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-34581","version":"https://jsonfeed.org/version/1.1"}