Security Advisory

CVE-2026-28683

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 04:44:32

Last updated 2026-03-06 16:06:43

Assigner GitHub_M

State PUBLISHED

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated user uploads SVG and creates a hotlink for it, they can achieve stored XSS. This issue has been patched in version 2.2.3.

← Browse all CVEs View on cve.org ↗