CVE-2026-29060

Medium CVSS: 5.0

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If there are no users with access to the admin/upload menu, there is no impact. This issue has been patched in version 2.2.3.

Vendor

Forceu

Product

Gokapi

CWE

CWE-284

Yayın Tarihi

2026-03-06 05:16:40

Güncelleme

2026-03-09 18:52:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Gokapi MEDIUM Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 https://github.com/Forceu/Gokapi/security/advisories/GHSA-m2hx-wjxc-9fp4

Benzer Kayıtlar

Medium

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insuffi…

Medium

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API end…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…