Resource exhaustion in Gogs

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes the…

Vulnerability class: DoS (Denial of Service)

Affected products

Gogs — versions < 0.14.3

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)