CVE-2026-52801
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk43th percentile — higher than 43% of all known CVEs
Summary
Gogs is an open source Git service that prior to version 0.14.3 had a vulnerability in the mirror settings functionality, allowing authenticated users to import local repositories without proper protection. The issue stems from a lack of validation in the SaveAddress function.
Risk Assessment
This vulnerability could allow unauthorized users to import repositories, potentially leading to data leaks or unauthorized changes to code. Organizations should be aware of the risks associated with outdated software versions.
Recommendation
It is recommended to update Gogs to version 0.14.3 or later to mitigate this vulnerability. Additionally, conducting a security audit to identify potential threats is advisable.
Original NVD description (English source)
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

