GoYou Cybersecurity (EN)

GoYou Cybersecurity (EN)

Critical RCE Vulnerability in Gogs: Remote Code Execution via Malicious Pull Requests

7 min · 29 de may de 2026
Empezar
Portada del episodio Critical RCE Vulnerability in Gogs: Remote Code Execution via Malicious Pull Requests

Descripción

A critical argument injection vulnerability in Gogs, a popular open-source self-hosted Git service, allows authenticated users to achieve remote code execution (RCE) on the server. The exploit involves creating a pull request with a malicious branch name that injects the --exec flag into git rebase during the merge operation. This vulnerability, scored as CVSSv4 9.4 (Critical), enables attackers to compromise the server, read every repository, dump credentials, pivot to other systems, and modify hosted repository code. The vulnerability affects Gogs versions 0.14.2 and 0.15.0+dev, with no patch available at the time of publication. Leggi su GoYou [https://www.goyou.it/en/cybersecurity/2026/05/29/critical-rce-vulnerability-in-gogs-remote-code-execution-via-malicious-pull.html]

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de GoYou Cybersecurity (EN)!

Empezar

2 meses por 1 €

Después 4,99 € / mes · Cancela cuando quieras.

  • Podcasts exclusivos
  • 20 horas de audiolibros / mes
  • Podcast gratuitos
Empezar

Todos los episodios

300 episodios