What is CVE-2026-52797?

CVE-2026-52797 is a high-severity vulnerability in Gogs, classified under Path Traversal. CVSS score: 8.5/10. Published 2026-06-24.

How severe is CVE-2026-52797?

High severity. CVSS v3 base score is 8.5 out of 10.

Path Traversal in Gogs

CVE-2026-52797

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H.

Affected products

Gogs — versions < 0.14.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-52797?: CVE-2026-52797 is a high-severity vulnerability in Gogs, classified under Path Traversal. CVSS score: 8.5/10. Published 2026-06-24.
How severe is CVE-2026-52797?: High severity. CVSS v3 base score is 8.5 out of 10.