CVE Catalog

CVE-2026-52804

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3.

Risk Assessment

The risk involves unauthorized takeover of full repository control by a collaborator, potentially leading to data integrity breaches, source code theft, or sabotage.

Recommendation

It is recommended to immediately upgrade Gogs to version 0.14.3 or later to eliminate the privilege escalation vulnerability.

Original NVD description (English source)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS