CVE-2026-52801

high

Description

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

References

https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5

https://github.com/gogs/gogs/releases/tag/v0.14.3

https://github.com/gogs/gogs/pull/8225

https://github.com/gogs/gogs/commit/11e19f28b5c82466fd1689c94344ef4313ee986c

Details

Source: Mitre, NVD

Published: 2026-06-24

Updated: 2026-06-25

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00569