CVE-2026-25242

CVE-2026-25242 (Gogs) affects Gogs, an open source self-hosted Git service. Versions 0.13.4 and earlier expose unauthenticated file upload endpoints by default. When the global RequireSigninView is disabled (default), remote users can upload arbitrary files to /releases/attachments and /issues/at...

Unauthenticated File Upload in Gogs

Security Advisory:Unauthenticated File Upload in Gogs Vulnerability Type: Unauthenticated File Upload Date: Aug 5, 2025 Discoverer: OpenAI Security Research Summary Gogs exposes unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any...