VDB

CESS-2026-30955

CESS-2026-30955 PUBLISHED CVSS 6.5 MEDIUM

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

  • Mar 13, 2026 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›