
Gogs: Multiple Critical Vulnerabilities Enable Code Execution and System Control

At a glance: Multiple critical vulnerabilities in Gogs allow attackers to obtain elevated privileges, execute arbitrary code, and take over systems.

The Git hosting system Gogs has multiple vulnerabilities that enable attackers to execute arbitrary code with elevated privileges and gain complete control over affected systems.

The Git hosting system Gogs is affected by multiple critical vulnerabilities, as documented by the Federal Office for Information Security (CERT-Bund) in security advisory WID-SEC-2026-2013. Through these flaws, attackers can obtain elevated privileges, execute arbitrary code with privileged rights, and thereby gain complete control over the affected system.

Attackers can also bypass security measures, manipulate data, conduct cross-site scripting (XSS) attacks, and redirect users to malicious websites. They may additionally be able to cause denial-of-service conditions that compromise system availability.

CISOs should promptly inventory all Gogs installations in their IT infrastructure. The identified attack vectors, ranging from privilege escalation to direct code execution, require immediate patching. Further details and available fixes should be requested immediately from CERT-Bund and the Gogs project.


Source: wid.cert-bund.de · Published 19 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
