CVE Catalog

CVE-2026-52801

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.57%

43th percentile — higher than 43% of all known CVEs

Summary

Gogs is an open source Git service that prior to version 0.14.3 had a vulnerability in the mirror settings functionality, allowing authenticated users to import local repositories without proper protection. The issue stems from a lack of validation in the SaveAddress function.

Risk Assessment

This vulnerability could allow unauthorized users to import repositories, potentially leading to data leaks or unauthorized changes to code. Organizations should be aware of the risks associated with outdated software versions.

Recommendation

It is recommended to update Gogs to version 0.14.3 or later to mitigate this vulnerability. Additionally, conducting a security audit to identify potential threats is advisable.

Original NVD description (English source)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS