CVE-2026-24135
📋 TL;DR
CVE-2026-24135 is a path traversal vulnerability in the Gogs self-hosted Git service that allows authenticated users with wiki write access to delete arbitrary files on the server. The vulnerability exists in the updateWikiPage function, where the old_title parameter can be manipulated. This affects Gogs versions 0.13.3 and earlier.
💻 Affected Systems
- Gogs
📦 What is this software?
Gogs by Gogs
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through deletion of critical system files, leading to service disruption, data loss, or privilege escalation.
Likely Case
Unauthorized deletion of configuration files, user data, or other repository content, causing service disruption and data integrity issues.
If Mitigated
Limited impact if proper access controls restrict wiki write permissions to trusted users only.
🎯 Exploit Status
Exploitation requires authenticated access with wiki write permissions. The vulnerability is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.13.4 and 0.14.0+dev
Vendor Advisory: https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2
Restart Required: Yes
Instructions:
1. Back up your Gogs data and configuration.
2. Download and install Gogs version 0.13.4 or later from the official repository.
3. Restart the Gogs service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable Wiki Functionality
Temporarily disable wiki functionality to prevent exploitation while planning the upgrade.
Edit the app.ini configuration file and set ENABLE_WIKI = false in the [repository] section.
Restrict Wiki Write Permissions
Limit wiki write access to only essential, trusted users.
Use the Gogs admin panel to modify repository permissions and remove wiki write access from non-essential users.
🧯 If You Can't Patch
- Implement strict access controls to limit wiki write permissions to minimal trusted users only.
- Monitor server file system changes and implement file integrity monitoring for critical directories.
🔍 How to Verify
Check if Vulnerable:
Check the Gogs version via the web interface admin panel or by examining the binary/installation directory. Versions 0.13.3 and earlier are vulnerable.
Check Version:
On Linux: run gogs --version, or check the web interface at /admin.
Verify Fix Applied:
Confirm the Gogs version is 0.13.4 or later. Test wiki functionality to ensure it works without allowing path traversal.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in system logs
- Multiple failed wiki update attempts with suspicious old_title parameters
- Access logs showing wiki edit requests with unusual paths
Network Indicators:
- HTTP POST requests to wiki update endpoints with manipulated old_title parameters
SIEM Query:
source="gogs.log" AND ("updateWikiPage" OR "old_title") AND (".." OR "/" OR "\\")
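As an added example (not part of this advisory and not Gogs code), the following Go program applies the log indicators above to constructed sample log lines. It assumes a log format that records the HTTP method, the request path and the submitted old_title value on one line (an assumption; adapt parseLogLine to your own logs), and it assumes the wiki edit route has the shape /:user/:repo/wiki/:page/_edit. Unlike the SIEM query above, it URL-decodes old_title before checking it, so encoded forms such as %2e%2e are caught, and a plain "/" in the request path does not by itself raise an alert.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample log lines (not real Gogs output). Each line records the
// method, the request path and the old_title form value of a wiki edit.
var sampleLogLines = []string{
	`2026-01-15 10:22:01 [I] POST /alice/project/wiki/Home/_edit old_title=Home title=Home`,
	`2026-01-15 10:22:05 [I] GET /alice/project/wiki/Home`,
	`2026-01-15 10:22:09 [I] POST /alice/project/wiki/Release-Notes/_edit old_title=Release%20Notes title=Release-Notes`,
	`2026-01-15 10:22:14 [I] POST /alice/project/wiki/Home/_edit old_title=..%2F..%2Fnot-a-wiki-page title=Home`,
	`2026-01-15 10:22:20 [I] POST /alice/project/wiki/Home/_edit old_title=..%5Cother title=Home`,
	`2026-01-15 10:22:25 [I] POST /alice/project/wiki/Home/_edit old_title=%2e%2e%2fx title=Home`,
}

// wikiEdit holds the parts of a log line that matter for this check.
type wikiEdit struct {
	method   string
	path     string
	oldTitle string // URL-decoded old_title value
	found    bool   // true when an old_title value was present on the line
}

// Alert pairs a flagged log line with the reason it was flagged.
type Alert struct {
	Line   string
	Reason string
}

// parseLogLine extracts the method, path and decoded old_title from one line.
// The second return value is true only for POST submissions to the assumed
// wiki edit route that carry an old_title value.
func parseLogLine(line string) (wikiEdit, bool) {
	var e wikiEdit
	fields := strings.Fields(line)
	for i, f := range fields {
		switch {
		case f == "GET" || f == "POST" || f == "PUT":
			e.method = f
			if i+1 < len(fields) {
				e.path = fields[i+1]
			}
		case strings.HasPrefix(f, "old_title="):
			raw := strings.TrimPrefix(f, "old_title=")
			decoded, err := url.QueryUnescape(raw)
			if err != nil {
				decoded = raw // keep the raw value if it is not valid URL encoding
			}
			e.oldTitle = decoded
			e.found = true
		}
	}
	isWikiEdit := e.method == "POST" &&
		strings.Contains(e.path, "/wiki/") &&
		strings.HasSuffix(e.path, "/_edit")
	return e, isWikiEdit && e.found
}

// TraversalReason reports why a decoded old_title looks like a path
// traversal attempt, or "" when it looks like an ordinary page title.
// A wiki page title has no business containing "..", a path separator
// or a NUL byte.
func TraversalReason(title string) string {
	switch {
	case strings.Contains(title, ".."):
		return "contains '..'"
	case strings.ContainsAny(title, `/\`):
		return "contains a path separator"
	case strings.ContainsRune(title, 0):
		return "contains a NUL byte"
	}
	return ""
}

// FlagSuspiciousEdits runs the check over a batch of log lines and returns
// the ones that should be raised as alerts, in input order.
func FlagSuspiciousEdits(lines []string) []Alert {
	var alerts []Alert
	for _, line := range lines {
		e, ok := parseLogLine(line)
		if !ok {
			continue
		}
		if reason := TraversalReason(e.oldTitle); reason != "" {
			alerts = append(alerts, Alert{Line: line, Reason: reason})
		}
	}
	return alerts
}

func main() {
	for _, a := range FlagSuspiciousEdits(sampleLogLines) {
		fmt.Printf("ALERT (%s): %s\n", a.Reason, a.Line)
	}
}
```

Of the six constructed lines, the three whose decoded old_title contains ".." are flagged; the benign "Home" and "Release Notes" titles and the GET request are not. Checking the decoded value rather than the raw log text is what keeps the rule quiet on ordinary traffic while still matching percent-encoded variants.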