Skip to main content

CWE-1314

Missing Write Protection for Parametric Data Values

1 CVEs Avg CVSS 7.7 MITRE
0
CRITICAL
1
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-40188 Go HIGH PATCH GHSA This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-40188 Go
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Path traversal in patrickhener goshs SFTP rename operation enables authenticated attackers to write files outside the configured root directory. Versions 1.0.7 through 2.0.0-beta.3 fail to sanitize destination paths in SFTP rename commands, allowing low-privileged users to overwrite arbitrary filesystem locations with network access. High integrity impact with scope change indicates potential host compromise. No public exploit identified at time of analysis.

Information Disclosure Suse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy