Vulnerability
Bleeping Computer
9.9 — CRITICAL
Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
Gogs has patched a critical zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories, including private ones. This vulnerability affects all Gogs releases up to and including 0.14.2 and 0.15.0+, and can be exploited by authenticated attackers without admin privileges.
⚙️ Technical Details
Affected Systems
Gogs servers with default configurations
Attack Vectors
Network
💥 Impact Assessment
Severity: Critical
Who Is at Risk
Internet-facing Gogs instances and users with basic user privileges
🛡️ Recommended Actions
1. Restrict user registration to prevent untrusted users from creating accounts
2. Restrict repository creation to prevent users from creating their own repos
3. Audit rebase merge settings to prevent exploitation by malicious users
📦 Affected Products
Gogs Gogs
🔐 NVD Verified Data
CVE-2024-39933 (CVSS 7.7 — HIGH)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weaknesses: CWE-88
Affected Products (CPE): Gogs Gogs
CVE-2024-39932 (CVSS 9.9 — CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-94
Affected Products (CPE): Gogs Gogs
CVE-2026-26194 (CVSS 7.3 — HIGH)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Weaknesses: CWE-88
Affected Products (CPE): Gogs Gogs
CVE-2024-39930 (CVSS 9.9 — CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-88
Affected Products (CPE): Gogs Gogs
CVE-2025-8110 (CVSS 8.8 — HIGH)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-22
Affected Products (CPE): Gogs Gogs
This is a curated summary. The complete article is available at Bleeping Computer.
