CVE-2026-30955 | THREATINT

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

PUBLISHED Reserved 2026-03-07 | Published 2026-03-13 | Updated 2026-03-13 | Assigner GitHub_M

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

< 2.2.4

affected

References

github.com/...Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj

github.com/Forceu/Gokapi/releases/tag/v2.2.4

cve.org (CVE-2026-30955)

nvd.nist.gov (CVE-2026-30955)

Download JSON