Skip to content

Update gogs_rebase_rce module with CVE-2026-52806 and fix version#21667

Open
jburgess-r7 wants to merge 2 commits into
rapid7:masterfrom
jburgess-r7:gogs-rce-patch
Open

Update gogs_rebase_rce module with CVE-2026-52806 and fix version#21667
jburgess-r7 wants to merge 2 commits into
rapid7:masterfrom
jburgess-r7:gogs-rce-patch

Conversation

@jburgess-r7

Copy link
Copy Markdown
Contributor

Updates the Gogs rebase argument injection RCE module following the assignment of CVE-2026-52806 and the release of Gogs 0.14.3 (June 7, 2026) which fixes the vulnerability.

Changes:

  • Added CVE-2026-52806 reference
  • Updated module description to reference the CVE and fixed version (< 0.14.3)
  • Added 0.14.3 commit hash to the version fingerprint map for accurate detection
  • Updated check method to mark 0.14.3+ as safe (removed placeholder comment about future fix)
  • Updated module documentation with CVE and fix version info

References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Todo

Development

Successfully merging this pull request may close these issues.

3 participants