CVE lookup
CVE-2026-42091
Pruva has a verified reproduction for CVE-2026-42091: goshs: PUT upload accepts cross-origin requests without CSRF token. The canonical evidence record is REPRO-2026-00158.
REPRO
REPRO-2026-00158
Package
github.com/patrickhener/goshs · go
Severity
MEDIUM
Status
published