CVE-2026-28683

High CVSS: 8.7

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3.

Vendor

Forceu

Product

Gokapi

CWE

CWE-79

Yayın Tarihi

2026-03-06 05:16:38

Güncelleme

2026-03-09 18:52:48

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Gokapi HIGH Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 https://github.com/Forceu/Gokapi/security/advisories/GHSA-3c22-5j5m-4jq7

Benzer Kayıtlar

Medium

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insuffi…

Medium

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API end…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…

Medium

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…