Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-52805— Gogs: Migration Redirect Bypass Leads to Internal Repository Theft

CVSS 8.7 · High EPSS 0.38% · P31

Affected Version Matrix 1

VendorProductVersion RangeStatus
gogsgogs< 0.14.3affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-52805

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gogs: Migration Redirect Bypass Leads to Internal Repository Theft
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated user can submit a public URL that redirects to a blocked internal endpoint (e.g., 127.0.0.1), importing the internal repository's contents into an attacker-controlled repository. This vulnerability is fixed in 0.14.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gogs 服务端请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gogs是Gogs团队开源的一个源代码管理软件。 Gogs 0.14.3之前版本存在服务端请求伪造漏洞,该漏洞源于仓库迁移功能中存在服务端请求伪造,应用程序只验证初始提交的URL主机名,但git clone --mirror会跟随HTTP重定向,可能导致经过身份验证的用户提交一个重定向到被阻止的内部端点(如127.0.0.1)的公共URL,将内部仓库内容导入攻击者控制的仓库。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
gogsgogs < 0.14.3 -

II. Public POCs for CVE-2026-52805

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 10838 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-52805

登录查看更多情报信息。

Patches & Fixes for CVE-2026-52805 (2)

Vendor Advisories for CVE-2026-52805 (1)

Vendor Pages for CVE-2026-52805 (1)

Same Patch Batch · gogs · 2026-06-24 · 24 CVEs total

CVE-2026-5281310.0 CRITICALGogs: Path Traversal in organization name results in RCE through Git hooks
CVE-2026-528069.9 CRITICALGogs: RCE via git rebase --exec argument injection in pull request merge
CVE-2026-527988.9 HIGHGogs: Stored XSS in `.ipynb` Preview
CVE-2026-528008.8 HIGHGogs: CSRF Leading to Organization Owner Takeover
CVE-2026-527978.5 HIGHGogs: Overwriting critical files results in a denial of service
CVE-2026-472678.3 HIGHGogs: SSRF in webhook deliveries
CVE-2026-528018.1 HIGHGogs: Ability to import local repositories via Mirror Settings
CVE-2026-527997.5 HIGHGogs: Missing Authorization in Attachment Download
CVE-2026-528087.1 HIGHGogs: Write-level collaborators can mutate admin-only repository settings via API
CVE-2026-528096.8 MEDIUMGogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_
CVE-2026-528025.4 MEDIUMGogs: Open Redirect via redirect_to in Gogs
CVE-2025-647194.9 MEDIUMGogs: Denial of Service in repository/wiki file listing web pages
CVE-2026-527954.3 MEDIUMGogs: Authorization Bypass in Watch API allows any user to monitor private repository acti
CVE-2026-527963.5 LOWGogs: DoS in rendering issue index pattern
CVE-2026-52807Gogs: DOM-based XSS via Milestone Name on New Issue Page
CVE-2026-52810Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusio
CVE-2026-52816Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leadi
CVE-2026-52814Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Des
CVE-2026-52812Gogs: LFS dedupe path leaks private repo content across tenants
CVE-2026-52811Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Showing top 20 of 24 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-52805

No comments yet


Leave a comment