216.73.217.172

CVE-2026-26194

· Published 05/03/2026 19:16 · Modified 06/03/2026 13:55

Labels: CVE-2026-26194 2026-03-05CVE-2026-26194CWE-88[email protected]

Essential information

Published
05/03/2026 19:16
Modified
06/03/2026 13:55
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2.

NVD status

Status
Analyzed — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gogs / gogs cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*

References