Denial of Service Vulnerability in Gogs Git Service
CVE-2026-52796

3.5LOW

Key Information:

Vendor: Gogs
Status: Gogs
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52796?

Gogs, an open source self-hosted Git service, is susceptible to denial of service due to a flaw in its issue index pattern rendering. Versions prior to 0.14.3 are affected. When a specially crafted issue index pattern is used, a panic can be triggered during the rendering process, rendering any affected pages in the repository unavailable. This occurs when the pattern includes an opening brace without a corresponding closing brace, leading to improper index handling in the code. Users are urged to upgrade to version 0.14.3 or later to mitigate this vulnerability.

Affected Version(s)

gogs < 0.14.3

References

https://github.com/gogs/gogs/security/advisories/GHSA-4j8...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 8, 2026

CVE-2026-52796 Data

JSON