CWE-1314

Missing Write Protection for Parametric Data Values

1 CVEs Avg CVSS 7.7 MITRE

0

CRITICAL

1

HIGH

0

MEDIUM

0

LOW

0

POC

0

KEV

Monthly

CVE-2026-40188 HIGH GHSA This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Goshs

NVD GitHub

CVSS 3.1

7.7

EPSS

0.0%

CVE-2026-40188

EPSS 0% CVSS 7.7

HIGH This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Goshs

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy