CVE-2026-29084

Medium CVSS: 4.6

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. This issue has been patched in version 2.2.3.

Vendor

Forceu

Product

Gokapi

CWE

CWE-352

Yayın Tarihi

2026-03-06 05:16:41

Güncelleme

2026-03-09 18:53:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-352 Gokapi MEDIUM Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 https://github.com/Forceu/Gokapi/security/advisories/GHSA-hcff-qv74-7hr4

Benzer Kayıtlar

Medium

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insuffi…

Medium

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API end…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…