CVE-2026-30955
Unrestricted Request Size in Gokapi API Causes DoS

Publication date: 2026-03-13

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is fixed in 2.2.4.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: forceu
Product: gokapi
Version / Range: up to 2.2.4 (excluding)
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30955 is a Denial of Service (DoS) vulnerability in the Gokapi file sharing server up to version 2.2.3. The issue occurs because an API endpoint accepts request bodies without any size limit. An authenticated user can exploit this by sending multiple large requests concurrently, which causes uncontrolled consumption of system memory.

This uncontrolled resource consumption leads to an out-of-memory (OOM) kill, crashing the server and causing complete service disruption for all users.

The vulnerability is fixed in version 2.2.4.


How can this vulnerability impact me?

This vulnerability can cause a complete denial of service on the Gokapi server by allowing an authenticated user to crash the service through excessive memory consumption.

  • Service disruption for all users due to server crash.
  • Potential loss of availability of file sharing services hosted on the affected server.
  • Requires only low privileges (authenticated user) and no user interaction, making it relatively easy to exploit.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusually large or numerous concurrent API request bodies sent by authenticated users to the Gokapi server. Since the issue involves unbounded request sizes causing resource exhaustion, network traffic analysis focusing on large payloads to the API endpoint is key.

You can use network monitoring tools or commands to identify large HTTP POST requests to the Gokapi API endpoints. For example, using tcpdump or tshark to capture and filter large HTTP requests:

  • tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) > 1000)'
  • tshark -i <interface> -Y 'http.request.method == "POST" and frame.len > 1000' -T fields -e ip.src -e http.request.uri -e frame.len

Additionally, monitoring system logs and resource usage for signs of out-of-memory (OOM) kills or service crashes related to the Gokapi process can help detect exploitation attempts. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended mitigation is to upgrade the Gokapi server to version 2.2.4 or later, where this vulnerability has been fixed.

Until the upgrade can be performed, you should restrict or monitor authenticated users' ability to send large or multiple concurrent requests to the API endpoint to prevent resource exhaustion.

Implementing rate limiting, request size limits, or firewall rules to block unusually large payloads can help reduce the risk of exploitation. [1]
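The "request size limits" mitigation above, as an added Go example that is not Gokapi's own code: the unbounded read that matches the CWE-400 description sits beside a handler capped with http.MaxBytesReader from the standard library. The 1 MiB limit, the handler names and the /api/example path are assumptions made for the demonstration, not values from the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed limit: size it to the largest legitimate payload the endpoint needs.
const maxBodyBytes = 1 << 20 // 1 MiB

// vulnerableHandler shows the CWE-400 pattern from the advisory: the whole body
// is buffered with no upper bound, so heap growth is entirely client-controlled.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body) // unbounded allocation; error handling elided
	fmt.Fprintf(w, "received %d bytes", len(body))
}

// hardenedHandler wraps the body in http.MaxBytesReader: the read fails once
// maxBodyBytes is exceeded and the connection is closed after the response,
// so an oversized request can never inflate the heap past the limit.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	body, err := io.ReadAll(r.Body)
	var tooLarge *http.MaxBytesError
	switch {
	case errors.As(err, &tooLarge):
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "read error", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "received %d bytes", len(body))
	}
}

// statusFor posts a constructed body of n bytes to h (placeholder path, not a
// real Gokapi route) and returns the HTTP status code the handler produced.
func statusFor(h http.HandlerFunc, n int) int {
	req := httptest.NewRequest(http.MethodPost, "/api/example", strings.NewReader(strings.Repeat("A", n)))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(vulnerableHandler, maxBodyBytes+1)) // 200: no limit at all
	fmt.Println(statusFor(hardenedHandler, maxBodyBytes+1))   // 413: rejected at the cap
	fmt.Println(statusFor(hardenedHandler, 1024))             // 200: within the limit
}
```

A limit in the handler only bounds what the process buffers; a reverse proxy in front of the server can reject oversized bodies before they reach it at all.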

