Moderate severityNVD Advisory· Published Feb 6, 2026· Updated Feb 6, 2026
Gogs is Vulnerable to Denial of Service
CVE-2026-22592
Description
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.13.4 | 0.13.4 |
Affected products
3- ghsa-coords2 versions
< 0.13.4+ 1 more
- (no CPE)range: < 0.13.4
- (no CPE)range: < 0.0.20260226T182644-150000.1.149.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-cr88-6mqm-4g57ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-22592ghsaADVISORY
- github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.goghsaWEB
- github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.goghsaWEB
- github.com/gogs/gogs/commit/961a79e8f9f2b3190ea804bcf635e4b43b123272ghsaWEB
- github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.