Gogs
-
Critical Gogs flaw can let authenticated users run code on servers
A critical, unpatched flaw in Gogs can let authenticated users run arbitrary code on affected servers under certain conditions, with Rapid7 rating the issue 9.4 on the CVSS scale and reporting no CVE yet.
-
CISA Adds Gogs Path Traversal CVE-2025-8110 to Known Exploited Vulnerabilities Catalog
CISA added CVE-2025-8110, a high severity Gogs path traversal that can enable code execution, to its Known Exploited Vulnerabilities catalog on January 12 2026. About 1,600 exposed instances exist with several hundred compromised.
-
Unpatched Gogs vulnerability being actively exploited; hundreds of instances compromised
Wiz researchers say a high-severity unpatched flaw in Gogs (CVE-2025-8110) is being actively exploited, with more than 700 compromised instances; the issue allows file overwrites via symbolic links and can lead to remote code execution. Researchers recommend disabling open registration, limiting internet exposure and scanning for random repositories while a fix is developed.
