Gogs Vulnerabilities Lead to XSS and Token Leakage Risks

Gogs Vulnerabilities Lead to XSS and Token Leakage Risks

First seen 6 Mar 2026, 00:11 UTC Nvd.Nist 83% similarity 66.8

Article Content

Browse articles
ThreatCluster

Gogs, an open source self-hosted Git service, has two critical vulnerabilities prior to version 0.14.2. CVE-2026-26276 allows attackers to execute a DOM-Based XSS via malicious HTML/JavaScript in Milestone names, while CVE-2026-26196 exposes sensitive tokens in URLs, risking data leakage through logs and referrers. Both issues have been patched in version 0.14.2.

ThreatCluster AI

Timeline

2026-03-05
CVE-2026-26196 published
2026-03-05
CVE-2026-26276 published
Recent
Patch released for both vulnerabilities

Community

Browse all →