Primary

Context

Gogs Denial-of-Service Vulnerability in Repository Mirror Synchronization

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Gogs, an open-source self-hosted Git service, in versions through 0.13.3. The issue arises when an authenticated user deletes a repository file before synchronization, causing the application to crash. This vulnerability has been patched in versions 0.13.4 and 0.14.0+dev.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, initiate a mirror synchronization on a repository and then delete that repository before the synchronization process completes. This will cause the application to crash.

Remediation

Users can upgrade to Gogs versions 0.13.4 or 0.14.0+dev to address this vulnerability.

Added: Feb 6, 2026, 6:32 PM

Updated: Feb 6, 2026, 10:56 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.6

remediation

7.7

relevance

2.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

6.6

remediation

7.7

relevance

2.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Gogs Denial-of-Service Vulnerability in Repository Mirror Synchronization

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Gogs

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating