Security Advisory

CVE-2026-28682

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 04:43:59

Last updated 2026-03-06 16:06:54

Assigner GitHub_M

State PUBLISHED

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes file_id values that are not scoped to the requesting user. This issue has been patched in version 2.2.3.

← Browse all CVEs View on cve.org ↗