CVE-2026-30955

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.4

Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. An API endpoint is susceptible to accepting request bodies of unlimited size. An authenticated user can exploit this to cause an Out-Of-Memory (OOM) kill, leading to a complete service disruption for all users. The issue impacts the server's stability and availability. The affected API endpoint accepts unbounded request bodies. The request body is the vulnerable parameter.

Recommendations Update to version 2.2.4 or later.