AI description
CVE-2026-24135 describes a path traversal vulnerability found in Gogs, an open-source self-hosted Git service. This flaw specifically affects versions 0.13.3 and earlier of the software. The vulnerability resides within the `updateWikiPage` function. An authenticated user who possesses write access to a repository's wiki can exploit this by manipulating the `old_title` parameter in the wiki editing form. This manipulation allows the user to delete arbitrary files on the server. The issue has been addressed and patched in Gogs versions 0.13.4 and 0.14.0+dev.
- Description: Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 7.2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
- security-advisories@github.com: CWE-22
- Hype score: Not currently trending
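The bug class described above (CWE-22 in a "delete the old page on rename" step), sketched as an added example; this is not Gogs source code or its patch. It assumes wiki pages are stored as `<title>.md` under one wiki directory, and the helper names, paths and title value are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideWiki is returned when a title cannot be mapped to a file inside the wiki directory.
var ErrOutsideWiki = errors.New("wiki page path escapes wiki directory")

// unsafePagePath shows the flaw: a client-supplied title is joined to the
// wiki directory unchecked, so "../" segments walk out of it.
func unsafePagePath(wikiDir, title string) string {
	return filepath.Join(wikiDir, title+".md")
}

// safePagePath (hypothetical helper) rejects titles containing path separators,
// then confirms the cleaned result is still inside wikiDir as defense in depth.
func safePagePath(wikiDir, title string) (string, error) {
	if title == "" || strings.ContainsAny(title, `/\`) {
		return "", ErrOutsideWiki
	}
	root := filepath.Clean(wikiDir)
	p := filepath.Join(root, title+".md")
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWiki
	}
	return p, nil
}

// deleteOldPage removes the previous page file on rename, but only after the
// old title has passed the containment check.
func deleteOldPage(wikiDir, oldTitle string) error {
	p, err := safePagePath(wikiDir, oldTitle)
	if err != nil {
		return err
	}
	return os.Remove(p)
}

func main() {
	const wikiDir, oldTitle = "/data/wiki", "../../outside/file" // constructed sample values
	fmt.Println("unsafe join resolves to:", unsafePagePath(wikiDir, oldTitle))
	_, err := safePagePath(wikiDir, oldTitle)
	fmt.Println("checked join returns:", err)
}
```

The same check applies to every server-side use of a form field as a file name, including hidden fields such as a previous title that the UI never lets the user type.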
🚨Alert🚨 CVE-2025-64111 & CVE-2025-64175 & CVE-2026-24135 : Critical Gogs Flaws Allow RCE & 2FA Bypass. 📊 319K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/HvqFGre6yO 👇Query HUNTER : https://t.co/q9rtuGfZuz="Gogs"
@HunterMapping
10 Feb 2026
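Critical vulnerabilities in Gogs. CVE-2025-64111 is arbitrary command execution with a CVSS score of 9.3. It works by tampering with a repository's configuration file, and results from an insufficient fix for an earlier vulnerability. CVE-2025-64175, a multi-factor authentication bypass, path traversal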
@__kokumoto
10 Feb 2026