CVE-2026-24135
EUVD-2026-564206.02.2026, 18:15
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gogs | gogs | 𝑥 < 0.13.4 |
𝑥
= Vulnerable software versions