How severe is GHSA-mxg3-432p-mr72?

GHSA-mxg3-432p-mr72 has a CVSS score of 7.4/10, rated HIGH. Immediate patching is strongly recommended.

Which packages are affected by GHSA-mxg3-432p-mr72?

GHSA-mxg3-432p-mr72 affects the following packages: goshs.de/goshs/v2 (Go). Ecosystems affected: Go.

How do I fix GHSA-mxg3-432p-mr72?

Update goshs.de/goshs/v2 to 2.0.7 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-mxg3-432p-mr72 is resolved across your whole dependency graph.

How do I detect GHSA-mxg3-432p-mr72 in my Go dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for goshs.de/goshs/v2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-mxg3-432p-mr72 if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-mxg3-432p-mr72?

O3 pinpoints whether GHSA-mxg3-432p-mr72 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-mxg3-432p-mr72 actively exploited in the wild?

No public exploit code has been indexed for GHSA-mxg3-432p-mr72 yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-mxg3-432p-mr72 published, and has it been updated?

GHSA-mxg3-432p-mr72 was published on May 15, 2026 and was last updated on June 25, 2026. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

🐹 Go

GHSA-mxg3-432p-mr72

HIGH

goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request

Also known asGO-2026-5519

Published

May 15, 2026

Updated

Jun 25, 2026

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

Blast Radius

1 pkg affected

🐹goshs.de/goshs/v2

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.

Description

Summary

The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey(). The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the server presents, so an attacker who can intercept the operator's TCP connection to localhost.run:22 (any router on the path, malicious local network, ARP/DNS spoof on the operator's LAN, BGP hijack, malicious VPN) can present their own SSH host key, terminate the SSH session locally, and proxy onward — sitting transparently in the middle of the tunnel.

Because localhost.run does TLS termination at their end, the HTTP traffic on the SSH leg is plaintext, so the on-path attacker reads and rewrites every request and response in cleartext. The goshs operator gets no warning; the public URL works normally.

Affected Code

File: tunnel/tunnel.go

func Start(localIP string, localPort int) (*Tunnel, error) {
    config := &ssh.ClientConfig{
        User:            "nokey",
        Auth:            []ssh.AuthMethod{ssh.Password("")},
        HostKeyCallback: ssh.InsecureIgnoreHostKey(), // accepts any server key
        Timeout:         10 * time.Second,
        BannerCallback:  func(banner string) error { return nil },
    }
    client, err := ssh.Dial("tcp", "localhost.run:22", config)
    ...
}

There is no fallback verification — no ssh.FixedHostKey, no known_hosts read, no TOFU pin. Every invocation of goshs --tunnel is equally vulnerable.

Exploit Chain

Operator runs goshs --tunnel. tunnel.Start() opens an SSH client to localhost.run:22 with InsecureIgnoreHostKey().
Attacker positioned on the network path (compromised router, café Wi-Fi MITM, malicious VPN exit, hostile ISP, BGP hijack, or arpspoof + DNS spoof on the operator's LAN) intercepts the outbound TCP connection to localhost.run:22 and answers with their own SSH server.
The attacker's fake SSH server presents an attacker-generated host key. The goshs client's HostKeyCallback returns nil unconditionally. Handshake completes; the client believes it is talking to localhost.run.
The attacker proxies the SSH session onward to the real localhost.run:22, forwarding the URL capture so Start() reads back the genuine https://*.lhr.life line and returns successfully. The operator sees the public URL printed to stdout exactly as expected.
Every HTTP request arriving at the public URL is routed over the SSH session. The attacker reads every URL, query string, header, body, and Authorization value sent by every visitor.
For each response the attacker can rewrite the body or headers — serving modified files, injecting HTML/JS, redirecting requests, or stripping Set-Cookie attributes.
Captured basic-auth credentials give the attacker authenticated access to upload, share-link, catcher, clipboard, and CLI endpoints. If goshs is running credential-collection listeners (SMB/LDAP/SMTP), the captured NTLM hashes and SMTP messages flowing through the tunnel are also exposed.

Impact

Confidentiality (High): all HTTP request and response content is readable by the on-path attacker (URLs, headers, basic-auth Authorization, file contents, share-link tokens, the ?goshs-info JSON dump).
Integrity (High): attacker can modify responses in-flight — replace served files, inject <script> into HTML responses, swap offered binaries for backdoored ones.
Availability: not affected.

Preconditions

Operator must be running goshs --tunnel / goshs -t.
Attacker must hold a network-on-path position between the operator and localhost.run:22 (LAN MITM, malicious Wi-Fi, hostile ISP/VPN, BGP hijack, or DNS spoofing combined with an attacker-controlled SSH endpoint).

Fix (applied in v2.0.7)

ssh.InsecureIgnoreHostKey() has been replaced with a Trust-On-First-Use (TOFU) host key callback backed by ~/.config/goshs/known_hosts.

Behaviour after the fix:

On first connection: goshs accepts the host key presented by localhost.run, writes it to ~/.config/goshs/known_hosts (mode 0600), and prints two warning lines:
```
WARN  tunnel: pinned new host key for localhost.run:22 (SHA256:<fingerprint>) in ~/.config/goshs/known_hosts
WARN  tunnel: verify with: ssh-keyscan localhost.run 2>/dev/null | ssh-keygen -l -f -
```
The operator should compare the printed fingerprint against the ssh-keyscan output to confirm no MITM occurred on that first connection.
On subsequent connections: the stored key is loaded via golang.org/x/crypto/ssh/knownhosts and the presented key is verified against it. A mismatch returns a typed HostKeyMismatchError and goshs exits immediately with:
```
FATAL tunnel: ssh: host key mismatch for localhost.run:22 — possible MITM attack.
      If localhost.run legitimately rotated its key, delete ~/.config/goshs/known_hosts and reconnect
```

Files changed:

File	Change
`config/config.go`	Added `Dir()` — creates and returns `~/.config/goshs` (mode `0700`)
`main.go`	Calls `config.Dir()` on every startup to ensure the directory exists
`tunnel/tunnel.go`	Replaced `InsecureIgnoreHostKey()` with `buildTOFUCallback(knownHostsFile)`; added exported `HostKeyMismatchError` type
`httpserver/server.go`	Resolves `~/.config/goshs/known_hosts` via `config.Dir()`, passes it to `tunnel.Start()`; fatal-exits on `HostKeyMismatchError`

Implementation uses only already-vendored dependencies (golang.org/x/crypto/ssh/knownhosts is part of the existing golang.org/x/crypto direct dependency — no new modules added).

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
🐹Go	`goshs.de/goshs/v2`	all versions	2.0.7

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for goshs.de/goshs/v2. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update goshs.de/goshs/v2 to 2.0.7 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-mxg3-432p-mr72 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-mxg3-432p-mr72 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-mxg3-432p-mr72. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary The `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go documentation for that function states verbatim: *"It should not be used for production code."* With the callback disabled the client accepts any host key the server presents, so an attacker who can intercept the operator's TCP connection to `localhost.run:22` (any router on the path, malicious local network, ARP/DNS spoof on the operator's LAN, BGP hijack, malicious VPN) can present their own SSH host key, terminate the SSH session locally,

O3 Security · Impact-Aware SCA

Is GHSA-mxg3-432p-mr72 in your dependencies?

O3 detects GHSA-mxg3-432p-mr72 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works