CVE-2026-22592: Gogs has a Denial of Service issue
An authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash.
References
- github.com/advisories/GHSA-cr88-6mqm-4g57
- github.com/gogs/gogs
- github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go
- github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go
- github.com/gogs/gogs/commit/961a79e8f9f2b3190ea804bcf635e4b43b123272
- github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57
- nvd.nist.gov/vuln/detail/CVE-2026-22592
Code Behaviors & Features
Detect and mitigate CVE-2026-22592 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →