Skip to content

CVE lookup

CVE-2026-42091

Pruva has a verified reproduction for CVE-2026-42091: goshs: PUT upload accepts cross-origin requests without CSRF token. The canonical evidence record is REPRO-2026-00158.

REPRO

REPRO-2026-00158

Package

github.com/patrickhener/goshs · go

Severity

MEDIUM

Status

published