CISA Directs Agencies to Address Gogs RCE Vulnerability Exploited in Zero-Day Attacks

CISA Directs Agencies to Address Gogs RCE Vulnerability Exploited in Zero-Day Attacks

First seen 12 Jan 2026, 22:44 UTC BleepingcomputerHeise.DeTheregisterInfosecurity-MagazineScworld 79% similarity 95.2

Article Content

Browse articles
ThreatCluster

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that government agencies secure their systems against a critical Gogs vulnerability, tracked as CVE-2025-8110. This remote code execution (RCE) flaw, stemming from a path traversal weakness in the PutContents API, has been exploited in zero-day attacks, affecting systems that utilize Gogs for remote collaboration.

ThreatCluster AI

Community

Browse all →