Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The Hacker News by The Hacker News
January 13, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 13, 2026Ravie LakshmananVulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.

“Gogs Path Traversal Vulnerability: Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution,” CISA said in an advisory.

Details of the shortcoming came to light last month when Wiz said it discovered it being exploited in zero-day attacks. The vulnerability essentially bypasses protections put in place for CVE-2024-55947 to achieve code execution by creating a git repository, committing a symbolic link pointing to a sensitive target, and using the PutContents API to write data to the symlink.

Cybersecurity

This, in turn, causes the underlying operating system to navigate to the actual file the symlink points to and overwrites the target file outside the repository. An attacker could leverage this behavior to overwrite Git configuration files, specifically the sshCommand setting, giving them code execution privileges.

Wiz said it identified 700 compromised Gogs instances. According to data from the attack surface management platform Censys, there are about 1,600 internet-exposed Gogs servers, out of which the majority of them are located in China (991), the U.S. (146), Germany (98), Hong Kong (56), and Russia (49).

There are currently no patches that address CVE-2025-8110, although pull requests on GitHub show that the necessary code changes have been made. “Once the image is built on main, both gogs/gogs:latest and gogs/gogs:next-latest will have this CVE patched,” one of the project maintainers said last week.

In the absence of a fix, Gogs users are advised to disable the default open-registration setting and limit server access using a VPN or an allow-list. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by February 2, 2026.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
ZTE Recognized on CDP Climate A List for Third Consecutive Year, Ranking Among the Global Top 4%

ZTE Recognized on CDP Climate A List for Third Consecutive Year, Ranking Among the Global Top 4%

Recommended.

Lack of resources greatest hurdle for regulating AI, MPs told | Computer Weekly

Lack of resources greatest hurdle for regulating AI, MPs told | Computer Weekly

February 12, 2026
Tech IPO hype gets drowned out on Wall Street by prospect of  trillion in debt sales

Tech IPO hype gets drowned out on Wall Street by prospect of $1 trillion in debt sales

February 12, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio