Storia in 6 fonti

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

Raccontata da

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

securityweek.comStai leggendo1 g fa

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

originale

Timeline cronologica

giovedì 28 maggio 2026·infoworld.com
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
giovedì 28 maggio 2026·securityweek.com
Gitea Vulnerability Exposed 30,000 Deployments to Attacks
CVE-2026-27771, an access control vulnerability in Gitea, exposed over 30,000 deployments to unauthorized access.

bleepingcomputer.com

2 g fa

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances.

Leggi questa versione → originale

thehackernews.com2 g fa

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Gogs 9.4 CVSS flaw exploits git rebase injection on 1,141 exposed instances, enabling remote code execution.

Leggi questa versione → originale

infoworld.com3 g fa

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Leggi questa versione → originale

theregister.com1 g fa

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Gogs has an unpatched CVSS 9.4 RCE exploitable by any authenticated user on default installs, 10 weeks after Rapid7's responsible disclosure with no maintainer response. A public Metasploit module makes exploitation imminent — disable open registration and rebase merging immediately or migrate to Gitea.

Leggi questa versione → originale

heise.de1 g fa

Warten auf Sicherheitspatch: Self-hosted-Git-Service Gogs ist verwundbar

Angreifer können Gogs-Server in den Standardeinstellungen mit Schadcode attackieren. Bislang können Admins Systeme nur über einen Workaround schützen.

Leggi questa versione → originale

giovedì 28 maggio 2026·

bleepingcomputer.com

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances.

giovedì 28 maggio 2026·

thehackernews.com

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Gogs 9.4 CVSS flaw exploits git rebase injection on 1,141 exposed instances, enabling remote code execution.

venerdì 29 maggio 2026·

heise.de

Warten auf Sicherheitspatch: Self-hosted-Git-Service Gogs ist verwundbar

Angreifer können Gogs-Server in den Standardeinstellungen mit Schadcode attackieren. Bislang können Admins Systeme nur über einen Workaround schützen.

venerdì 29 maggio 2026·

securityweek.com

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

venerdì 29 maggio 2026·

theregister.com

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since

Gogs Zero-Day Exposes Servers to Remote Code Execution

Timeline cronologica

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Gitea Vulnerability Exposed 30,000 Deployments to Attacks

New Gogs zero-day flaw lets hackers get remote code execution

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Warten auf Sicherheitspatch: Self-hosted-Git-Service Gogs ist verwundbar

New Gogs zero-day flaw lets hackers get remote code execution

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Warten auf Sicherheitspatch: Self-hosted-Git-Service Gogs ist verwundbar

Gogs Zero-Day Exposes Servers to Remote Code Execution

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out