[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:gogs-zero-day-exposes-servers-to-remote-code-execution-mptockve":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"4b4cb5c3-6028-451e-9ed6-d8236b2df624","Gogs Zero-Day Exposes Servers to Remote Code Execution","gogs-zero-day-exposes-servers-to-remote-code-execution-mptockve","A critical zero-day in Gogs (CVSS 9.4) allows authenticated users to execute arbitrary code on the server via malicious branch names in pull requests. The vulnerability is an argument injection flaw in the rebase merge operation. Any organization running self-hosted Gogs is at risk, and public exploits are already available.","critical","advisory",[],[13,14],"Gogs","Rapid7","Immediately identify all Gogs instances in your environment. Disable the 'Rebase before merging' feature until a fix has been applied, restrict pull request creation to trusted users only, and monitor for suspicious git rebase processes and branch creation activity.",[17],"3512b0a9-b3fe-4863-9032-6bb685387dc2",null,[20],"https:\u002F\u002Fwww.securityweek.com\u002Fgogs-zero-day-exposes-servers-to-remote-code-execution\u002F","active","2026-06-02T11:06:20.414+00:00","2026-05-31T11:06:25.379602+00:00","2026-05-31T11:06:28.533981+00:00",[26],{"id":17,"title":6,"url":20}]