CVE-2026-52801

HIGH NVD

CVSS Score 8.1

Severity HIGH

Published Jun 24, 2026

Vendor unknown

Description

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

References

https://github.com/gogs/gogs/commit/11e19f28b5c82466fd1689c94344ef4313ee986c
https://github.com/gogs/gogs/pull/8225
https://github.com/gogs/gogs/releases/tag/v0.14.3
https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5