CVE-2026-29060 - Gokapi: Privilege escalation with auth token

CVE ID : CVE-2026-29060 Published : March 6, 2026, 5:16 a.m. | 35 minutes ago Description : Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If there are no users with access to the admin/upload menu, there is no impact. This issue has been patched in version 2.2.3. Severity: 5.0 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...