Moderate severity · NVD Advisory · Published Feb 6, 2026 · Updated Feb 6, 2026
Gogs has arbitrary file read/write via path traversal in Git hook editing
CVE-2026-23633
Description
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gogs.io/gogs (Go) | < 0.13.4 | 0.13.4 |
Affected products
- ghsa-coords: 2 versions (< 0.13.4, + 1 more)
- (no CPE) range: < 0.13.4
- (no CPE) range: < 0.0.20260226T182644-150000.1.149.1
References
- github.com/advisories/GHSA-mrph-w4hh-gx3g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-23633 (ghsa, ADVISORY)
- github.com/gogs/gogs/commit/4894629903f9508fe85567c44f68804f008f1655 (ghsa, WEB)
- github.com/gogs/gogs/releases/tag/v0.13.4 (ghsa, WEB)
- github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-gx3g (ghsa, x_refsource_CONFIRM, WEB)