Directory Traversal Vulnerability in Gogs Git Service
CVE-2026-52797

8.5HIGH

Key Information:

Vendor: Gogs
Status: Gogs
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52797?

Gogs, a self-hosted Git service, is susceptible to a directory traversal vulnerability that allows authorized users to manipulate the input to the git diff command. This vulnerability can enable attackers to bypass the intended restrictions, leading to the ability to write comparison results to arbitrary file paths on the server. This issue was addressed in version 0.14.0, following which users are encouraged to upgrade to mitigate the risks associated with this security flaw.

Affected Version(s)

gogs < 0.14.0

References

https://github.com/gogs/gogs/security/advisories/GHSA-pm6...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 8, 2026

CVE-2026-52797 Data

JSON