CVE-2026-28682 | Forceu Gokapi up to 2.2.2 /uploadStatus file_id access control (GHSA-c36c-7pc2-f2ph)

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Forceu Gokapi up to 2.2.2. Affected is an unknown function of the file /uploadStatus. This manipulation of the argument file_id causes improper access controls.

This vulnerability is registered as CVE-2026-28682. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-28682 | Forceu Gokapi up to 2.2.2 /uploadStatus file_id access control (GHSA-c36c-7pc2-f2ph)

Post correlati

CVE-2024-49944 | Linux Kernel up to 6.11.2 sctp_listen_start null pointer dereference

CVE-2024-1092 | Feedzy RSS Aggregator Plugin up to 4.4.1 on WordPress authorization

CVE-2023-42823 | Apple macOS Log access control

CVE-2024-38574 | Linux Kernel up to 6.8.11/6.9.2 libbpf bpf_objec_load_prog null pointer dereference (ef80b59acfa4/1fd91360a758/9bf48fa19a4b)