CVE-2026-52815
Gogs: Unauthenticated Organization Teams Information Disclosure via API
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/org_team.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the reqToken() middleware, and the listTeams() handler performs no authentication check, exposing team IDs, names, descriptions, and permission levels to any unauthenticated caller. This vulnerability is fixed in 0.14.3.
| CWE | CWE-200 |
| Vendor | gogs |
| Product | gogs |
| Published | Jun 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for gogs gogs
Be the first to know when new unknown vulnerabilities affecting gogs gogs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
gogs / gogs
< 0.14.3