<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-40188 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-40188/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-40188/feed.xml" rel="self" type="application/rss+xml"/><item><title>goshs SimpleHTTPServer SFTP Rename Path Traversal Vulnerability (CVE-2026-40188)</title><link>https://feed.craftedsignal.io/briefs/2026-04-goshs-path-traversal/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-goshs-path-traversal/</guid><description>The goshs SimpleHTTPServer, from version 1.0.7 to before 2.0.0-beta.4, is vulnerable to path traversal (CVE-2026-40188) due to insufficient sanitization of the destination path in the SFTP rename command, potentially allowing attackers with low privileges to write files outside the intended root directory.</description><content:encoded><![CDATA[<p>goshs is a SimpleHTTPServer written in Go. Versions 1.0.7 to before 2.0.0-beta.4 are vulnerable to a path traversal issue (CVE-2026-40188) within the SFTP rename command. This vulnerability arises because the application only sanitizes the source path during a rename operation, neglecting to sanitize the destination path. This oversight allows authenticated attackers with low privileges to manipulate file paths and potentially write files outside the designated SFTP root directory, leading to unauthorized file creation or modification. The vulnerability is resolved in version 2.0.0-beta.4. This vulnerability poses a risk to systems using vulnerable versions of goshs for file sharing.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains low-privilege access to the goshs server via SSH or other means.</li>
<li>Attacker establishes an SFTP session with the vulnerable goshs server.</li>
<li>Attacker identifies a file or directory within their authorized SFTP root.</li>
<li>Attacker crafts an SFTP rename command where the source is a legitimate file within their SFTP root.</li>
<li>The attacker crafts the destination path of the rename command to include path traversal sequences (e.g., &quot;../&quot;) to move outside of the intended root directory.</li>
<li>The vulnerable goshs server executes the rename command using the attacker-controlled destination path without proper sanitization.</li>
<li>The attacker successfully creates or overwrites files in unauthorized locations on the server's file system.</li>
<li>The attacker may leverage the ability to write arbitrary files to achieve persistence by modifying system configuration files.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability allows attackers to bypass intended access restrictions and potentially overwrite critical system files, leading to code execution or denial-of-service. The impact is high due to the potential for privilege escalation and system compromise. While the exact number of vulnerable installations is unknown, any organization using goshs versions 1.0.7 to before 2.0.0-beta.4 are potentially at risk. Successful exploitation can lead to unauthorized data modification, or system instability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade goshs to version 2.0.0-beta.4 or later to remediate CVE-2026-40188 as mentioned in the overview.</li>
<li>Monitor SFTP logs for rename operations containing path traversal sequences like &quot;../&quot; in the destination path. (Generic Recommendation)</li>
<li>Implement file integrity monitoring (FIM) on critical system directories to detect unauthorized file modifications resulting from successful exploitation. (Generic Recommendation)</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>path-traversal</category><category>sftp</category><category>cve-2026-40188</category></item></channel></rss>