CYBERSIXT Signal Over Noise
securityonline.info 6/26/2026, 3:31:52 AM · external

Critical RCE flaw CVE-2026-52813 hits Gogs, patch out

Critical RCE flaw CVE-2026-52813 hits Gogs, patch out
CyberSIXT Evidence Panel
Primary Source github.com
CVE Intel
CVE-2026-52813 - NVD Not in KEV 10 CRITICAL Patch Unknown
CVE-2026-52806 - NVD Not in KEV 9.9 CRITICAL Patch Unknown
CVE-2026-52811 - NVD Not in KEV 9 CRITICAL Patch Unknown
CISA KEV Not in KEV
Patch Patch Status Unknown

THE security alert highlights three critical remote code execution (RCE) vulnerabilities in Gogs, identified as CVE-2026-52813, CVE-2026-52806, and CVE-2026-52811, which have CVSS scores ranging from 9 to 10. These vulnerabilities allow attackers to exploit the self-hosted Git service through improper input validation, path traversal, and symlink manipulation. Despite the availability of patches in version 0.14.3, no confirmed exploitations have currently been reported. Users are advised to upgrade immediately to mitigate risks.

View Primary Source Via securityonline.info

Article by CyberSIXT