Gogs Vulnerabilities Lead to XSS and Token Leakage Risks
First seen 6 Mar 2026, 00:11 UTC
•
•83% similarity
•66.8
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Gogs, an open source self-hosted Git service, has two critical vulnerabilities prior to version 0.14.2. CVE-2026-26276 allows attackers to execute a DOM-Based XSS via malicious HTML/JavaScript in Milestone names, while CVE-2026-26196 exposes sensitive tokens in URLs, risking data leakage through logs and referrers. Both issues have been patched in version 0.14.2.
ThreatCluster AI
Timeline
2026-03-05
CVE-2026-26196 published
2026-03-05
CVE-2026-26276 published
Recent
Patch released for both vulnerabilities