CVE-2026-28682
Gokapi CVE-2026-28682 affects the self-hosted file sharing server Gokapi prior to 2.2.3. The vulnerability lies in the upload status SSE implementation for /uploadStatus, which previously published the global upload state to any authenticated listener and included file_id values not scoped to the...