CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/Forceu/Gokapi/releases/tag/v2.2.4
https://github.com/Forceu/Gokapi/security/advisories/GHSA-qwc6-vc2v-2ggj

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-30955

Products

Pricing

Contact Us