CVE-2026-22592 — Missing Authorization in Gogs

CWE-862 — Missing Authorization5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 95.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gogs Gogs.io Gogs

Timeline

PublishedFeb 6

Latest updateFeb 17

Description

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5gogs/gogs< 0.14.0+dev

▶NVDgogs/gogs< 0.13.4

▶Gogogs.io/gogs< 0.13.4

🔴Vulnerability Details

OSV

Gogs has a Denial of Service issue in gogs.io/gogs↗2026-02-17

▶

OSV

Gogs has a Denial of Service issue↗2026-02-06

▶

GHSA

Gogs has a Denial of Service issue↗2026-02-06

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22592 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶