CVE Catalog

CVE-2026-52796

Low · CVSS 3.5

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Gogs is an open source Git service. Versions prior to 0.14.3 can panic when rendering a specially crafted issue index pattern, resulting in denial of service.

Risk Assessment

Organizations may find that pages containing issue index references become unavailable in affected repositories, which can impact service performance and availability.

Recommendation

Upgrade Gogs to version 0.14.3 or later to mitigate this vulnerability.

Original NVD description (English source)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not safe: when the configured pattern contains an opening brace { but no closing brace }, strings.Index(template, "}") returns -1 and the subsequent slice template[:-1] triggers a panic. Once such a pattern is set, any page in the affected repository that contains an issue index reference such as #1 becomes unavailable. This vulnerability is fixed in 0.14.3.
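
The failure mode in the description above, as an added Go example that is not Gogs or com source code: unsafeExpand is a constructed stand-in that slices on an unchecked strings.Index result, and safeExpand is one way to reject an unbalanced pattern with an error instead of panicking. The function names, the {index} placeholder and the tracker.example URL are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// unsafeExpand is a constructed stand-in for the described flaw; it is not Gogs or com source.
func unsafeExpand(template string, vars map[string]string) string {
	var out strings.Builder
	for open := strings.Index(template, "{"); open >= 0; open = strings.Index(template, "{") {
		out.WriteString(template[:open])
		template = template[open+1:]
		end := strings.Index(template, "}")   // -1 when the brace is never closed
		out.WriteString(vars[template[:end]]) // template[:-1] panics at run time
		template = template[end+1:]
	}
	return out.String() + template
}

// safeExpand checks the index before slicing and reports an unbalanced pattern as an error.
func safeExpand(template string, vars map[string]string) (string, error) {
	var out strings.Builder
	for {
		open := strings.Index(template, "{")
		if open < 0 {
			return out.String() + template, nil
		}
		end := strings.Index(template[open:], "}")
		if end < 0 {
			return "", errors.New("issue index pattern has '{' without closing '}'")
		}
		out.WriteString(template[:open] + vars[template[open+1:open+end]])
		template = template[open+end+1:]
	}
}

// panics reports whether f panicked, so the demo can continue after the unsafe call.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	vars := map[string]string{"index": "1"} // assumed placeholder name
	bad := "https://tracker.example/issues/{index" // constructed pattern, closing brace missing
	fmt.Println("unsafe panics:", panics(func() { unsafeExpand(bad, vars) }))
	_, err := safeExpand(bad, vars)
	fmt.Println("safe error:", err)
}
```

Running the same check when the pattern is saved, rather than only at render time, keeps a malformed value from ever reaching the page renderer.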

Vulnerability data from NVD (NIST) · CISA KEV · EPSS