← Zuruck zu CVEs
CVE-2026-26194
HIGH7.3
Beschreibung
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2.
CVE Details
CVSS v3.1 Bewertung7.3
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht3/5/2026
Zuletzt geandert3/6/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
gogs:gogs
Schwachen (CWE)
CWE-88
Referenzen
https://github.com/gogs/gogs/commit/a000f0c7a632ada40e6829abdeea525db4c0fc2d(security-advisories@github.com)
https://github.com/gogs/gogs/pull/8175(security-advisories@github.com)
https://github.com/gogs/gogs/releases/tag/v0.14.2(security-advisories@github.com)
https://github.com/gogs/gogs/security/advisories/GHSA-v9vm-r24h-6rqm(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.