> TritonInfoSec News

Home / May 30, 2026 / Story

#4 SecurityWeek general May 29, 2026 at 12:59 UTC

Gogs Zero-Day Exposes Servers to Remote Code Execution

By Ionut Arghire

AI Summary

A critical zero-day in Gogs (the self-hosted Git service) scored a CVSS 9.4 and allows authenticated attackers to achieve remote code execution via argument injection through pull requests with malicious branch names. The flaw has not yet received a patch from the Gogs project, making it immediately actionable for defenders running self-hosted Gogs instances.

Read full article → https://www.securityweek.com/gogs-zero-day-exposes…

Relevance score: 82.0/100

Sponsored

Protect Your Business

Expert cybersecurity solutions to safeguard your organization from evolving threats.

Get Protected →

# More from May 30

1
Dutch govt disrupts malware botnet with 17 million infected devices BleepingComputer
2
Charter Communications data breach affects 4.9 million accounts BleepingComputer
3
Federal audit reveals NIST’s NVD is plagued by poor planning and duplication CyberScoop
5
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer The Hacker News
6
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit The Hacker News
7
Google Chrome adds session cookie theft protection for all users BleepingComputer
8
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks The Hacker News
9
California AG sues 23andMe over 2023 breach exposing health data BleepingComputer
10
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal The Hacker News