Main
Vulnerability Database
Exploits
ID:12692 - Exploit for Insufficient verification of data authenticity in gogs - CVE-2026-25921
ID:12692 - Exploit for Insufficient verification of data authenticity in gogs - CVE-2026-25921
Published: May 5, 2026
Vulnerability identifier: #VU129681
Vulnerability risk: High
CVE-ID: CVE-2026-25921
CWE-ID: CWE-345
Exploitation vector: Remote access
Vulnerable software:
gogs
gogs
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to missing content hash verification. A remote attacker can overwrite LFS object across different repos.
Remediation
Install updates from vendor's website.