CVE-2026-30943

Medium CVSS: 4.1

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4.

Vendor

Forceu

Product

Gokapi

CWE

CWE-863

Yayın Tarihi

2026-03-13 19:54:35

Güncelleme

2026-03-17 13:48:39

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Gokapi MEDIUM Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.4 https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6

Benzer Kayıtlar

Medium

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API end…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…

Medium

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…