logo

Public Exploits Released for Three Gogs RCE Flaws, CVSS Up to 10

ID: 7c3ef25e-0cc5-5381-af05-2de7c06a5042

STIX ID: report--7c3ef25e-0cc5-5381-af05-2de7c06a5042

Feed Name: securityonline.info

Threat Score
80/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

Gogs released version 0.14.3 to patch three critical RCE vulnerabilities (CVSS 9.4–10) that allow unauthenticated or low-privilege users to achieve remote code execution via organization name path traversal, branch/rebase argument injection, and symlink-based file writes; working proofs-of-concept are public, multiple instance types are exposed, and administrators should update immediately and disable open registration as a stopgap.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.