What is CVE-2026-29060?

CVE-2026-29060 is a medium-severity vulnerability in Forceu Gokapi, classified under Improper Access Control. CVSS score: 5.0/10. Published 2026-03-06.

How severe is CVE-2026-29060?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Vulnerability in Forceu Gokapi

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has t…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L.

Affected products

Forceu Gokapi — versions < 2.2.3

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/Forceu/Gokapi/security/advisories/GHSA-m2hx-wjxc-9fp4 (x_refsource_CONFIRM)
https://github.com/Forceu/Gokapi/releases/tag/v2.2.3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-29060?: CVE-2026-29060 is a medium-severity vulnerability in Forceu Gokapi, classified under Improper Access Control. CVSS score: 5.0/10. Published 2026-03-06.
How severe is CVE-2026-29060?: Medium severity. CVSS v3 base score is 5.0 out of 10.