CVE-2026-28682

Medium CVSS: 6.4

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes file_id values that are not scoped to the requesting user. This issue has been patched in version 2.2.3.

Vendor

Forceu

Product

Gokapi

CWE

CWE-200

Yayın Tarihi

2026-03-06 05:16:38

Güncelleme

2026-03-09 18:50:41

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Gokapi MEDIUM Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 https://github.com/Forceu/Gokapi/security/advisories/GHSA-c36c-7pc2-f2ph

Benzer Kayıtlar

Medium

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insuffi…

Medium

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API end…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…

Medium

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…