Back to CVE List

CVE-2026-30955

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-400
Source
NVD
Vendor
Forceu
Product
Gokapi

External References

Discussion (0)

Add Comment

No comments yet. Be the first!