2 matches found
CVE-2026-52811
CVE-2026-52811 (Gogs) : In versions 0.14.0–0.14.2, UploadRepoFiles checks for symlinks only on the leaf path, while other code paths validate the entire path. An attacker with repo-write access can upload a file whose filename contains a backslash, which path normalization converts to a multi-seg...
CVE-2026-52804
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3...