GoYou Cybersecurity (EN)

GoYou Cybersecurity (EN)

Critical RCE Vulnerability in Gogs: Remote Code Execution via Malicious Pull Requests

7 min · 29. touko 2026
Aloita maksutta
jakson Critical RCE Vulnerability in Gogs: Remote Code Execution via Malicious Pull Requests kansikuva

Kuvaus

A critical argument injection vulnerability in Gogs, a popular open-source self-hosted Git service, allows authenticated users to achieve remote code execution (RCE) on the server. The exploit involves creating a pull request with a malicious branch name that injects the --exec flag into git rebase during the merge operation. This vulnerability, scored as CVSSv4 9.4 (Critical), enables attackers to compromise the server, read every repository, dump credentials, pivot to other systems, and modify hosted repository code. The vulnerability affects Gogs versions 0.14.2 and 0.15.0+dev, with no patch available at the time of publication. Leggi su GoYou [https://www.goyou.it/en/cybersecurity/2026/05/29/critical-rce-vulnerability-in-gogs-remote-code-execution-via-malicious-pull.html]

Kommentit

0

Ole ensimmäinen kommentoija

Rekisteröidy nyt ja liity GoYou Cybersecurity (EN)-yhteisöön!

Aloita maksutta

14 vrk ilmainen kokeilu

Kokeilun jälkeen 7,99 € / kuukausi. · Peru milloin tahansa.

  • Podimon podcastit
  • 20 kuunteluaikaa / kuukausi
  • Lataa offline-käyttöön
Aloita maksutta

Kaikki jaksot

300 jaksot