Vendor
critical
advisory
goshs SimpleHTTPServer SFTP Authentication Bypass Vulnerability (CVE-2026-40884)
2 rules 1 TTP 1 CVEgoshs SimpleHTTPServer prior to version 2.0.0-beta.6 contains an SFTP authentication bypass vulnerability that allows unauthenticated network attackers to access files when the server is started with specific configuration parameters.
SimpleHTTPServer
authentication-bypass
sftp
vulnerability
network
2r
1t
1c
high
advisory
goshs SimpleHTTPServer SFTP Rename Path Traversal Vulnerability (CVE-2026-40188)
2 rules 1 TTP 1 CVEThe goshs SimpleHTTPServer, from version 1.0.7 to before 2.0.0-beta.4, is vulnerable to path traversal (CVE-2026-40188) due to insufficient sanitization of the destination path in the SFTP rename command, potentially allowing attackers with low privileges to write files outside the intended root directory.
goshs
path-traversal
sftp
cve-2026-40188
2r
1t
1c