cbcvebase.
CVE-2026-52801
published 2026-06-24

CVE-2026-52801: Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New…

PriorityP348high8.1CVSS 3.1
AVNACLPRLUINSUCHINAH
EPSS
0.57%
42.8th percentile
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

Affected

2 ranges
VendorProductVersion rangeFixed in
gogs.iogogs>= 0 < 0.14.30.14.3
gogsgogs< 0.14.30.14.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.