{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T12:23:30.818","vulnerabilities":[{"cve":{"id":"CVE-2026-29060","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T05:16:40.620","lastModified":"2026-03-09T18:52:32.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with Gokapi. If there are no users with access to the admin/upload menu, there is no impact. This issue has been patched in version 2.2.3."},{"lang":"es","value":"Gokapi es un servidor de intercambio de archivos autoalojado con soporte para expiración automática y cifrado. Antes de la versión 2.2.3, un usuario registrado sin privilegios para crear o modificar solicitudes de archivos puede crear una clave API de corta duración que tiene permiso para hacerlo. El usuario debe estar registrado en Gokapi. Si no hay usuarios con acceso al menú de administración/carga, no hay impacto. Este problema ha sido parcheado en la versión 2.2.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:forceu:gokapi:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2.3","matchCriteriaId":"8645BF69-6E20-4571-ABA4-A9C590D032C8"}]}]}],"references":[{"url":"https://github.com/Forceu/Gokapi/releases/tag/v2.2.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Forceu/Gokapi/security/advisories/GHSA-m2hx-wjxc-9fp4","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}