Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If there are no users with access to the admin/upload menu, there is no impact. This issue has been patched in version 2.2.3.

INFO

Published Date :

2026-03-06T04:44:55.534Z

Last Modified :

2026-03-06T04:44:55.534Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29060 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29060.

URL Resource
https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 cve-icon cve-icon
https://github.com/Forceu/Gokapi/security/advisories/GHSA-m2hx-wjxc-9fp4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact