MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-29084

🟡 MEDIUM

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechani...

Published
Mar 06, 2026
Last Modified
Mar 06, 2026
Views
11
Bookmarks
0

Description

Request Expert Review

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. This issue has been patched in version 2.2.3.

CVSS Scores

CVSS 3.1 4.6
4.6
MEDIUM
CVSS 2.0 4.6

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Received

Related CVEs

CVE-2026-29061

MEDIUM

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerabi...

Score: 5.4

CVE-2026-29060

MEDIUM

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privil...

Score: 5.0

CVE-2026-28787

HIGH

OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not...

Score: 8.2

CVE-2026-28685

MEDIUM

Kimai is a web-based multi-user time-tracking application. Prior to version 2.51.0, "GET /api/invoices/{id}" only checks the role-based view_invoice p...

Score: 6.5

CVE-2026-28683

HIGH

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, if a malicious authenticated use...

Score: 8.7

CVE-2026-28682

MEDIUM

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementa...

Score: 6.4

Share CVE-2026-29084

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-29084 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis