{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30943", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:34:39.979Z", "datePublished": "2026-03-13T19:07:01.576Z", "dateUpdated": "2026-03-13T19:40:38.395Z"}, "containers": {"cna": {"title": "Gokapi has Privilege Escalation in File Replace", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6"}, {"name": "https://github.com/Forceu/Gokapi/releases/tag/v2.2.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/Forceu/Gokapi/releases/tag/v2.2.4"}], "affected": [{"vendor": "Forceu", "product": "Gokapi", "versions": [{"version": "< 2.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T19:07:01.576Z"}, "descriptions": [{"lang": "en", "value": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4."}], "source": {"advisory": "GHSA-j6jp-78w8-34x6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:40:28.442954Z", "id": "CVE-2026-30943", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:40:38.395Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30943", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T19:40:28.442954Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:40:33.761Z"}}], "cna": {"title": "Gokapi has Privilege Escalation in File Replace", "source": {"advisory": "GHSA-j6jp-78w8-34x6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Forceu", "product": "Gokapi", "versions": [{"status": "affected", "version": "< 2.2.4"}]}], "references": [{"url": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6", "name": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Forceu/Gokapi/releases/tag/v2.2.4", "name": "https://github.com/Forceu/Gokapi/releases/tag/v2.2.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T19:07:01.576Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30943", "state": "PUBLISHED", "dateUpdated": "2026-03-13T19:40:38.395Z", "dateReserved": "2026-03-07T17:34:39.979Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T19:07:01.576Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forceu:gokapi:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6F3F4D-D449-43DD-BB3D-86F98581926C", "versionEndExcluding": "2.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4."}], "id": "CVE-2026-30943", "lastModified": "2026-03-17T13:48:39.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-13T19:54:35.573", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/Forceu/Gokapi/releases/tag/v2.2.4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Forceu/Gokapi/security/advisories/GHSA-j6jp-78w8-34x6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Gokapi", "source": "cna", "vendor": "Forceu"}, "product": "gokapi", "vendor": "forceu"}], "analysis": {"en": {"generated_at": "2026-03-17T17:19:24.316287+00:00", "value": {"mitigation_remediation": ["Upgrade Gokapi to version 2.2.4 or later.", "Verify that the Gokapi instance is running version 2.2.4 or newer."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All versions of Forceu Gokapi older than 2.2.4 are affected. The vulnerability is present in Gokapi releases prior to v2.2.4, as indicated in the Forceu advisory and the GitHub release notes. The affected product is listed under the CPE string cpe:2.3:a:forceu:gokapi:*:*:*:*:*:*:*:* and is used as a self\u2011hosted file sharing server.", "description_and_impact": "An insufficient authorization check in Gokapi's file replace API allows an authenticated user with only list visibility permission (UserPermListOtherUploads) to delete files owned by other users by setting the deleteNewFile flag. This privilege escalation leads to unauthorized data deletion, affecting confidentiality and availability of stored files. The vulnerability is identified by CWE-863.", "risk_and_exploitability": "The CVSS base score is 4.1, indicating low severity. EPSS score is less than 1\u202f% and the vulnerability is not listed in CISA's KEV catalog, suggesting a low likelihood of exploitation in the wild. The attack vector requires authentication to the API and permission to list uploads; an attacker can exploit this by sending a crafted request to the file replace endpoint with deleteNewFile set to true. No public exploits have been reported, but administrators should still mitigate by updating."}}}}, "created": "2026-03-16T09:24:28.280412+00:00", "updated": "2026-03-23T13:40:19.855562+00:00", "vendors": ["forceu", "forceu$PRODUCT$gokapi"]}