GO-2026-4695 Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload in github.com/forceu/gokapi

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

CVE-2026-30961 Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...

EUVD-2026-12080

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload...

Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload

Summary The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...