CVE-2026-35392 | patrickhener goshs up to 2.0.0-beta.2 httpserver/updown.go path traversal (GHSA-g8mv-vp7j-qp64)

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability marked as critical has been reported in patrickhener goshs up to 2.0.0-beta.2. Affected is an unknown function of the file httpserver/updown.go. Performing a manipulation results in path traversal.

This vulnerability is known as CVE-2026-35392. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-35392 | patrickhener goshs up to 2.0.0-beta.2 httpserver/updown.go path traversal (GHSA-g8mv-vp7j-qp64)

Post correlati

CVE-2025-49453 | Jatinder Pal Singh BP Profile as Homepage Plugin up to 1.1 on WordPress cross-site request forgery

CVE-2023-7204 | WP STAGING Backup Plugin up to 3.1.x on WordPress access control

CVE-2023-48132 | kosei entertainment esportsstudioLegends mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2022-44633 | YITH WooCommerce Gift Cards Premium Plugin up to 3.23.1 on WordPress authorization