Gogs 0.14.3 security update for argument injection flaw
Security Patch Release
Summary
The Gogs maintainers shipped version 0.14.3 to fix a critical argument injection zero-day that could let attackers compromise Internet-facing instances and reach private repositories. The issue affected all releases up to 0.14.2 and 0.15.0+dev, and exploitation required only authenticated non-admin access. Successful abuse could expose repositories, steal credentials, move laterally, and alter hosted source code. Rapid7 urged operators to upgrade immediately and use temporary hardening if patching must wait.
Timeline
- 08.06.2026 19:18 · 2 articles
Gogs 0.14.3 patches a critical argument injection flaw
Mitigation Patch Update
The Gogs maintainers released version 0.14.3 on June 7, 2026 to patch a critical argument injection vulnerability affecting all releases up to and including 0.14.2 and 0.15.0+dev. The fix closed a path that could let authenticated non-admin attackers compromise Internet-facing instances, read private repositories, steal credentials, move laterally, and alter hosted source code.
Sources:
- Gogs patches critical zero-day enabling remote code execution — www.bleepingcomputer.com — 08.06.2026 19:18
- 08.06.2026 19:18 · 1 article
Rapid7 details default-config risk in the Gogs argument injection flaw
Technical Analysis Update
Rapid7 security researcher Jonah Burgess described the Gogs argument injection flaw as affecting default-configured servers with open registration and no repository-creation limit, warning that an attacker who creates an account and repository can enable rebase merging and operate the exploit chain without help from other users. Rapid7 also recommended immediate upgrading and temporary hardening by restricting registration, limiting repository creation, and reviewing rebase merge settings for unpatched instances.
Sources:
- Gogs patches critical zero-day enabling remote code execution — www.bleepingcomputer.com — 08.06.2026 19:18
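
A configuration check for the two server-wide conditions Rapid7 names (open registration and no repository-creation limit), added here as an example and not taken from Gogs, Rapid7 or the cited article. It assumes the Gogs `app.ini` keys `DISABLE_REGISTRATION` under `[auth]` and `MAX_CREATION_LIMIT` under `[repository]`, with defaults of `false` and `-1`; both sample files are constructed.

```python
import configparser

# Constructed sample: an app.ini left near its defaults.
SAMPLE_DEFAULT = """\
BRAND_NAME = Gogs
RUN_USER = git

[repository]
ROOT = /data/git/gogs-repositories

[auth]
REQUIRE_EMAIL_CONFIRMATION = false
"""

# Constructed sample: the same file after temporary hardening.
SAMPLE_HARDENED = """\
RUN_USER = git

[repository]
MAX_CREATION_LIMIT = 0

[auth]
DISABLE_REGISTRATION = true
"""


def audit_app_ini(text):
    """Return a finding for each exposure condition still present."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Gogs keeps some keys above the first section header; configparser
    # rejects that layout, so park them under a placeholder section.
    cp.read_string("[__top__]\n" + text)
    findings = []
    # An absent key means the built-in default applies (assumed: false / -1).
    if not cp.getboolean("auth", "DISABLE_REGISTRATION", fallback=False):
        findings.append("open registration: anyone can create an account")
    limit = cp.getint("repository", "MAX_CREATION_LIMIT", fallback=-1)
    if limit < 0:
        findings.append("no repository-creation limit (MAX_CREATION_LIMIT < 0)")
    return findings


if __name__ == "__main__":
    for name, ini in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_app_ini(ini) or "no findings")
```

The rebase merge settings Rapid7 also says to review are not covered by this check.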