Security Advisory

CVE-2026-29084

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 04:45:29

Last updated 2026-03-06 16:06:15

Assigner GitHub_M

State PUBLISHED

Description

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. This issue has been patched in version 2.2.3.

← Browse all CVEs View on cve.org ↗