New Gogs zero-day flaw lets hackers get remote code execution

Thursday, May 28, 2026 at 02:25 PM UTC·Source: BleepingComputer

Updated: Thursday, May 28, 2026 at 03:01 PM UTC

Executive Summary

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]

Analysis

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]

Source Attribution

Originally published by BleepingComputer on May 28, 2026.

Related Threats

CRITICALZero DayPOC

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.

2d agoThe Record

CRITICALZero Day

Gogs Zero-Day Exposes Servers to Remote Code Execution

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek .

2d agoSecurityWeek

CRITICALZero Day

This month in security with Tony Anscombe – May 2026 edition

In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit

2d agoWeLiveSecurity (ESET)