CVE-2026-40876 | patrickhener goshs up to 2.0.0-beta.5 sftpserver/sftpserver.go DefaultHandler.GetHandler path traversal (GHSA-5h6h-7rc9-3824)

A vulnerability classified as critical was found in patrickhener goshs up to 2.0.0-beta.5. Affected by this issue is the function DefaultHandler.GetHandler of the file sftpserver/sftpserver.go. Such manipulation leads to path traversal.

This vulnerability is listed as CVE-2026-40876. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More