CVE-2026-52801

EPSS 0.57%
Veröffentlicht 24.06.2026 20:18:55
Zuletzt bearbeitet 25.06.2026 14:19:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Gogs: Ability to import local repositories via Mirror Settings

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellergogs

≫

Produkt gogs

Version < 0.14.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/gogs/gogs/releases/tag/v0.14.3

https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5

https://github.com/gogs/gogs/pull/8225

https://github.com/gogs/gogs/commit/11e19f28b5c82466fd1689c94344ef4313ee986c

https://nvd.nist.gov/vuln/detail/CVE-2026-52801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-52801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-52801

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-52801