CVE-2026-40189: CWE-862: Missing Authorization in patrickhener goshs CVE-2026-40189 is a critical authorization bypass vulnerability in the goshs SimpleHTTPServer written in Go. Versions prior to 2.0.0-beta.4 enforce ACL/basic-auth only on directory listings and file reads but do not enforce authorization on

CRITICAL: patrickhener goshs <2.0.0-beta.4 lets unauth users upload, delete, and bypass folder auth! Upgrade to 2.0.0-beta.4+ ASAP. Restrict access until fixed. radar.offseq.com/threat/cve-2026-40189-cw... #OffSeq #CVE202640189 #GoLang

CVE-2026-40189: CWE-862: Missing Authorization in patrickhener goshs CVE-2026-40189 is a critical authorization bypass vulnerability in the goshs SimpleHTTPServer written in Go. Versions prior to 2.0.0-beta.4 enforce ACL/basic-auth only on directory listings and file reads but do not enforce authorization on

CRITICAL: goshs <2.0.0-beta.4 lets attackers bypass auth, upload/delete files, and expose protected data. Upgrade to 2.0.0-beta.4+ ASAP to secure your server! radar.offseq.com/threat/cve-2026-40189-cw... #OffSeq #CVE202640189 #security