Security Advisory

CVE-2026-40903

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-21 19:43:36

Last updated 2026-04-22 13:45:41

Assigner GitHub_M

State PUBLISHED

Description

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6.

← Browse all CVEs View on cve.org ↗