Vulnerability
Bleeping Computer
9.9 — CRITICAL
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]
🤖 AI Briefing
Auto-generated threat analysis
🔍Threat Overview
A previously unpatched zero-day vulnerability in Gogs allows authenticated attackers to gain remote code execution, potentially compromising servers and repositories.
⚙️Technical Details
Affected Systems
Gogs self-hosted Git service
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Internet-facing Gogs servers with default configurations and open registration enabled by default
🛡️Recommended Actions
1. Enable registration and limit repository creation to prevent unauthenticated attackers from exploiting the vulnerability.
2. Regularly update Gogs to the latest release versions (Gogs 0.15.0+) to patch the vulnerability.
3. Monitor servers for suspicious activity and implement additional security controls to mitigate potential attacks.
📦Affected Products
Gogs Gogs
🔐NVD Verified Data (VERIFIED)
CVE-2024-39933
CVSS 7.7 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weaknesses
CWE-88
Affected Products (CPE)
Gogs Gogs
CVE-2024-39932
CVSS 9.9 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE-94
Affected Products (CPE)
Gogs Gogs
CVE-2026-26194
CVSS 7.3 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Weaknesses
CWE-88
Affected Products (CPE)
Gogs Gogs
CVE-2024-39930
CVSS 9.9 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE-88
Affected Products (CPE)
Gogs Gogs
CVE-2025-8110
CVSS 8.8 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-22
Affected Products (CPE)
Gogs Gogs
This is a curated summary. The complete article is available at Bleeping Computer.
