Detections
Analytics

CVE-2026-30955

medium

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

References

https://github.com/Forceu/Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj

https://github.com/Forceu/Gokapi/releases/tag/v2.2.4

Details

Source: Mitre, NVD

Published: 2026-03-13

Updated: 2026-03-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00023