← voltar
CVE-2026-30955

Gokapi vulnerable to DoS in E2E Metadata Parser

CVSS 6.5 MEDIUMEPSS 0.2%CWE-400
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Forceu · Gokapi

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Forceu/Gokapi/releases/tag/v2.2.4https://github.com/Forceu/Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj