CVE-2026-30955

Medium CVSS: 6.5

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

Vendor

Forceu

Product

Gokapi

CWE

CWE-400

Yayın Tarihi

2026-03-13 19:54:35

Güncelleme

2026-03-17 13:46:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-400 Gokapi MEDIUM Forceu 2026

Referanslar

https://github.com/Forceu/Gokapi/releases/tag/v2.2.4 https://github.com/Forceu/Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj

Benzer Kayıtlar

Medium

CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insuffi…

Medium

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunke…

Medium

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…

Medium

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a…

Medium

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, th…