CVE-2026-52797
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
Gogs is an open source Git service that, prior to version 0.14.0, allowed authorized users to manipulate the value passed to the git diff command. This enabled users to bypass filtering and write the comparison result to any arbitrary location.
Risk Assessment
This vulnerability could lead to unauthorized data writes in the system, posing a risk to data integrity and potential attacks on the organization's IT infrastructure.
Recommendation
It is recommended to upgrade Gogs to version 0.14.0 or later to eliminate this vulnerability and secure the system against potential attacks.
Original NVD description (English source)
Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result of the comparison to any arbitrary path. This vulnerability is fixed in 0.14.0.

