33 matches found
EUVD-2026-36789
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
CVE-2026-50891
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
CVE-2026-50891
Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...
PT-2026-49332
Name of the Vulnerable Software and Affected Versions: Filestash version 0.4.0. Description: Incorrect access control in the '/admin/api/config' endpoint allows attackers to escalate privileges by sending a crafted request. Recommendations: At the moment, there is no information about a newer version...
CVE-2026-50891
Filestash v0.4.0 contains an access-control issue in the /admin/api/config component that allows privilege escalation via a crafted request. Root cause: incorrect access control. Affected: Filestash 0.4.0 (CVE-2026-50891). Impact noted as high (CVE metrics: Confidentiality and Integrity I/H; CVSS...
CVE-2024-41255
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
CVE-2024-41256
Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...
CVE-2024-41258
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
EUVD-2024-38992
Malicious code in bioql PyPI...
GO-2024-3033 Filestash configured to skip TLS certificate verification when using the FTPS protocol in github.com/mickael-kerjean/filestash
Filestash configured to skip TLS certificate verification when using the FTPS protocol in github.com/mickael-kerjean/filestash...
GO-2024-3035 Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash
Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash...
Man-In-The-Middle Attack
github.com/mickael-kerjean/filestash is vulnerable to Man-In-The-Middle Attack. The vulnerability is due to the usage of ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack...
TLS Certificate Verification Bypass
github.com/mickael-kerjean/filestash is vulnerable to TLS certificate verification bypass. The vulnerability is due to insecure email verification code transmission, as TLS verification is being bypassed. Attackers can exploit this to intercept or tamper with email communications, potentially gainin...
GHSA-4JMM-C6JW-G796 Filestash configured to skip TLS certificate verification when using the FTPS protocol
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
Filestash configured to skip TLS certificate verification when using the FTPS protocol
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
Filestash skips TLS certificate verification process when sending out email verification codes
Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...
GHSA-MPVX-WHPP-99XJ Filestash skips TLS certificate verification process when sending out email verification codes
Default configurations in the ShareProofVerifier function of filestash v0.4 cause the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...
CVE-2024-41255
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go...
CVE-2024-41258
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41258
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...