CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2024-56731

Gogs RCE: The Symlink That Killed the Patch (CVE-2024-56731)

Amit Schendel
Amit Schendel
Senior Security Researcher

Jan 1, 2026·4 min read·68 visits

Executive Summary (TL;DR)

Gogs tried to stop hackers from deleting `.git` files by checking file names. Hackers bypassed this by using symbolic links (e.g., `evil_link` -> `.git/config`). By editing the symlink via the Web UI, attackers can overwrite Git hooks and achieve full RCE. CVSS 10.0.

A critical Remote Command Execution vulnerability in Gogs versions prior to 0.13.3. This flaw is a bypass of a previous fix (CVE-2024-39931), allowing authenticated users to overwrite internal Git files via symbolic links.

Official Patches

GogsGogs v0.13.3 Release Notes

Fix Analysis (1)

Technical Appendix

CVSS Score
10.0/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Probability
0.42%
Top 88% most exploited
45,000
via Shodan

Affected Systems

Gogs (Self-Hosted Git Service)

Affected Versions Detail

Product
Affected Versions
Fixed Version
Gogs
Gogs
< 0.13.30.13.3
AttributeDetail
CWECWE-59 (Link Following)
Attack VectorNetwork (Authenticated)
CVSS10.0 (Critical)
ImpactRemote Command Execution (RCE)
PrivilegesLow (Any authenticated user)
Fix Version0.13.3

MITRE ATT&CK Mapping

T1559Inter-Process Communication
Execution
T1202Indirect Command Execution
Defense Evasion
CWE-59
Link Following

Improper Link Resolution Before File Access ('Link Following')

Known Exploits & Detection

GitHubDiscussion regarding the symlink bypass and initial disclosure

Vulnerability Timeline

Original flaw CVE-2024-39931 disclosed
2024-07-01
Bypass discovered and patched in commit 1cba9bc
2024-12-25
Gogs v0.13.3 Released
2024-12-27

References & Sources

  • [1]Fix Commit
  • [2]NIST NVD Entry
Related Vulnerabilities
CVE-2024-39931

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•26 minutes ago•CVE-2022-0492
7.8

CVE-2022-0492: Privilege Escalation and Container Escape via cgroups v1 release_agent

CVE-2022-0492 is a high-severity missing authorization vulnerability in the Linux kernel's Control Groups (cgroups) v1 implementation. The flaw resides within the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c, where the kernel fails to validate if the process writing to the release_agent file possesses administrative capabilities in the initial user namespace. This allows a local attacker inside a container with root privileges (UID 0) to abuse user namespaces, mount a cgroups v1 directory, modify the release_agent parameter, and execute arbitrary commands on the host system as host root, effectively achieving a complete container escape.

Amit Schendel
Amit Schendel
3 views•7 min read
•2 days ago•GHSA-G72G-R7M4-9X4G
6.3

GHSA-G72G-R7M4-9X4G: Insufficient Session Expiration of OAuth Tokens in NocoDB

NocoDB is subject to an insufficient session expiration vulnerability where OAuth access and refresh tokens are not invalidated or revoked during security-sensitive actions such as password changes, forgot-password requests, or password resets. This allows an attacker possessing an active OAuth token to maintain unauthorized persistence.

Amit Schendel
Amit Schendel
8 views•6 min read
•2 days ago•GHSA-FGMC-2HQJ-86V4
6.9

GHSA-FGMC-2HQJ-86V4: Default Administrative Credentials in vantage6-server

A vulnerability in the vantage6 federated learning framework allows unauthenticated remote attackers to gain administrative control of the server via hardcoded default credentials (root/root) when deployed under default configurations in versions 4.2.3 and below.

Amit Schendel
Amit Schendel
8 views•5 min read
•2 days ago•GHSA-X9F6-9RVM-MMRG
6.9

GHSA-X9F6-9RVM-MMRG: Improper Access Control and Volume Mount Isolation Bypass in vantage6 Node

An improper access control vulnerability in the vantage6 node component allows concurrently running algorithm containers to read and modify sensitive input and output files of other tasks. The lack of strict workspace directory isolation exposes a significant attack surface in multi-tenant or federated environments where untrusted algorithms are executed.

Amit Schendel
Amit Schendel
3 views•4 min read
•2 days ago•CVE-2026-47760
8.7

CVE-2026-47760: Cross-Site Scripting (XSS) via SVG Namespace Sanitizer Bypass in TinyMCE

TinyMCE versions 6.8.0 through 7.0.1 contain a high-severity Cross-Site Scripting (XSS) vulnerability. The flaw exists in the custom HTML parser and sanitizer module, which incorrectly manages SVG namespace scopes when parsing nested elements. A low-privileged or unauthenticated attacker can submit a crafted HTML payload containing nested SVG structures to bypass sanitization filters, leading to arbitrary JavaScript execution in the context of the victim's browser session.

Alon Barad
Alon Barad
14 views•7 min read
•2 days ago•CVE-2026-47759
8.7

CVE-2026-47759: Stored Cross-Site Scripting (XSS) via Unsanitized data-mce-* Serialization Bypass in TinyMCE

CVE-2026-47759 is a critical stored Cross-Site Scripting (XSS) vulnerability affecting multiple active branches of the TinyMCE rich text editor. The flaw resides in the editor's handling of user-controlled, prefixed internal attributes, such as data-mce-href, data-mce-src, and data-mce-style. When processing raw HTML inputs, TinyMCE's internal validation schema neglects to inspect these custom prefixed attributes. During HTML serialization, the editor's engine extracts these unsanitized values and copies them back into standard executable attributes, overwriting any previously sanitized standard values and leading to execution of arbitrary code.

Amit Schendel
Amit Schendel
9 views•7 min read