CVE-2026-52804
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3.
Risk Assessment
The risk involves unauthorized takeover of full repository control by a collaborator, potentially leading to data integrity breaches, source code theft, or sabotage.
Recommendation
It is recommended to immediately upgrade Gogs to version 0.14.3 or later to eliminate the privilege escalation vulnerability.
Original NVD description (English source)
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3.

