Unauthenticated Information Disclosure in Gogs Git Service
CVE-2026-52815

5.5 MEDIUM

Key Information:

Vendor: Gogs

Status
Vendor
CVE Published: 24 June 2026

What is CVE-2026-52815?

Gogs, an open-source self-hosted Git service, has an unauthenticated information disclosure vulnerability in versions prior to 0.14.3. Any unauthenticated user can request the GET /api/v1/orgs/:orgname/teams endpoint, which returns team IDs, names, descriptions, and permission levels without requiring authentication. This exposes an organization's team information to unauthorized parties and to potential misuse by malicious actors. The issue is fixed in version 0.14.3, which adds proper authentication checks to protect team information.
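The flaw class described above, as an added example that is not Gogs source code: a simplified Go model of a team-listing handler served without an authentication check, next to the same handler wrapped in one. The handler, the `requireToken` wrapper, the token value and the sample team are all constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Team holds the fields the advisory lists as exposed.
type Team struct {
	ID          int64  `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	Permission  string `json:"permission"`
}

// Constructed sample data, not taken from any real instance.
var teams = []Team{{1, "Owners", "Org admins", "owner"}}

// listTeams models the handler behind GET /api/v1/orgs/:orgname/teams.
func listTeams(w http.ResponseWriter, r *http.Request) {
	json.NewEncoder(w).Encode(teams)
}

// requireToken is a hypothetical auth wrapper: it answers 401 unless the
// Authorization header carries the expected token (constant-time compare).
func requireToken(valid string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), []byte("token "+valid)) != 1 {
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// status returns the HTTP status h gives a request with this Authorization value.
func status(h http.HandlerFunc, auth string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/orgs/acme/teams", nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(listTeams, ""), status(requireToken("s3cret", listTeams), ""))
}
```

The same anonymous-request check makes a useful regression test after upgrading: a request with no credentials to the endpoint should no longer return team data.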

Affected Version(s)

gogs < 0.14.3

CVSS V4

Score: 5.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
