Open Source Git Service Vulnerability in Gogs
CVE-2026-47267
8.3 HIGH
What is CVE-2026-47267?
A vulnerability in Gogs, an open-source self-hosted Git service, lets webhooks follow redirects to URLs that resolve within local CIDRs, despite previous fixes. This flaw enables potential unauthorized access to local resources when the service processes webhook requests. Version 0.14.3 addresses the vulnerability, ensuring that webhooks do not follow redirects to local address spaces.
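The following is an added example of the general mitigation for this class of bug, not Gogs's actual patch: a Go webhook client that checks the resolved IP at connect time, so the same check covers the original URL and each redirect hop that opens a new connection. The names `guardDial`, `isLocalIP` and `newWebhookClient` and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// errLocalAddr is returned when a connection would land in a local range.
var errLocalAddr = errors.New("webhook: destination is in a local address range")

// isLocalIP reports loopback, private (RFC 1918, fc00::/7), link-local or unspecified IPs.
func isLocalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// guardDial is a net.Dialer Control hook. It runs after DNS resolution and
// before connect(), so address is a literal IP:port on every new connection.
func guardDial(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || isLocalIP(ip) {
		return errLocalAddr // fail closed on anything that is not a public IP
	}
	return nil
}

// newWebhookClient (hypothetical name) dials only through guardDial. Proxy is
// left unset: with a proxy, the dialed address is the proxy, not the target.
func newWebhookClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: guardDial}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext},
	}
}

func main() {
	// Constructed sample destinations; no network traffic is generated.
	for _, a := range []string{"203.0.113.10:443", "127.0.0.1:3000", "169.254.169.254:80", "[::ffff:10.0.0.5]:80"} {
		fmt.Printf("%-24s -> %v\n", a, guardDial("tcp", a, nil))
	}
}
```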
Affected Version(s)
gogs < 0.14.3
