CVE Catalog

CVE-2026-52797

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

Gogs is an open source Git service that, prior to version 0.14.0, allowed authorized users to manipulate the value passed to the git diff command. This enabled users to bypass filtering and write the comparison result to any arbitrary location.

Risk Assessment

This vulnerability could lead to unauthorized data writes in the system, posing a risk to data integrity and potential attacks on the organization's IT infrastructure.

Recommendation

It is recommended to upgrade Gogs to version 0.14.0 or later to eliminate this vulnerability and secure the system against potential attacks.

Original NVD description (English source)

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result of the comparison to any arbitrary path. This vulnerability is fixed in 0.14.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS