109 matches found
CVE-2026-30961
Gokapi
CVE-2026-30955
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...
CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...
CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...
CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...
CVE-2026-30955
Gokapi (self-hosted file sharing server) is affected by CVE-2026-30955 due to an API endpoint that accepts unbounded request bodies, allowing an authenticated user to cause an out-of-memory (OOM) kill and complete service disruption for all users. The issue is fixed in version 2.2.4 . Impact: ava...
CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943
Gokapi prior to version 2.2.4 contains an insufficient authorization check in the file replace API. A user with only list visibility permission (UserPermListOtherUploads) could delete another user’s file by abusing the deleteNewFile flag, effectively escalating privileges. The issue is fixed in 2...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
EUVD-2026-12080
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the chunked upload completion. An attacker can exhaust server storage and circumvent administrative resource policies by uploading files exceeding the configured per-request size...
EUVD-2026-12077
Gokapi vulnerable to DoS in E2E Metadata Parser...
Gokapi vulnerable to DoS in E2E Metadata Parser
Summary An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. Impact Any authenticated user can crash the Gokapi server by sending concurrent large payloads...
GHSA-QWC6-VC2V-2GGJ Gokapi vulnerable to DoS in E2E Metadata Parser
Summary An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. Impact Any authenticated user can crash the Gokapi server by sending concurrent large payloads...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...
EUVD-2026-12075
Gokapi vulnerable to Privilege Escalation in File Replace...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...
GHSA-J6JP-78W8-34X6 Gokapi vulnerable to Privilege Escalation in File Replace
Summary An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. Impact Any authenticated user...