Book a meeting

› 11:51:33 BSI CVE-2026-52944 Linux Kernel: Mehrere Schwachstellen · › 11:51:33 BSI CVE-2026-40612 jq: Mehrere Schwachstellen · › 11:51:32 BSI CVE-2026-43895 jq: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen · › 11:51:32 BSI CVE-2026-43896 jq: Schwachstelle ermöglicht Denial of Service · › 11:51:31 BSI CVE-2026-28532 FRRouting Project FRRouting: Mehrere Schwachstellen ermöglichen Denia… · › 11:41:32 BSI CVE-2026-13021 Google Chrome / Microsoft Edge: Mehrere Schwachstellen ermöglichen ni… · › 11:31:31 BSI CVE-2026-49486 Apache Airflow FTP Provider: Schwachstelle ermöglicht Offenlegung von… · › 11:26:32 BSI CVE-2026-44024 Fluentd: Mehrere Schwachstellen · › 11:26:32 BSI CVE-2026-57520 Bitwarden: Mehrere Schwachstellen · › 11:26:31 BSI CVE-2026-57184 Digium Certified Asterisk: Mehrere Schwachstellen · › 11:21:32 BSI CVE-2026-11800 Keycloak: Mehrere Schwachstellen · › 11:21:31 BSI CVE-2026-13281 Google Chrome: Mehrere Schwachstellen ·

← Back to console

Critical CCB · Belgium CVE-2026-52813

Multiple Vulnerabilities in Gogs Allow Remote Code Execution

Published 25 June 2026 at 14:55

Description

CVE-2026-52813, CVSS 10 CWE-23: Relative Path Traversal A Remote Code Execution (RCE) vulnerability caused by path traversal. This flaw is triggered by improper sanitization of organization names accepted through the API, allowing an attacker to manipulate server file paths and execute arbitrary commands. CVE-2026-52806, CVSS 9.9 CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') An authenticated Remote Code Execution (RCE) vulnerability via argument injection. An attacker with standard user privileges can achieve RCE by creating a pull request with a maliciously crafted branch name. This exploits the merge operation by injecting the --exec flag into the git rebase command during a "Rebase before merging" action. CVE-2026-52811, CVSS 9.0 CWE-22: Imp