PT-2026-51622 · Gogs · Gogs

Published 2026-06-23 · Updated 2026-06-23 · CVE-2026-52804

CVSS v4.0: 5.5 (Medium)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions: Gogs (affected versions not specified)

Description: A repository collaborator with admin access can escalate their privileges to owner-level access due to an off-by-one error in the ChangeCollaborationAccessMode() function. The validation check allows the mode variable to be set to the value associated with owner access. An attacker can exploit this by sending a POST request to the '/{owner}/{repo}/settings/collaboration/access mode' endpoint with the mode parameter set to 4. Successful exploitation grants the attacker owner-level permissions, enabling them to delete the repository, transfer repository ownership, and erase wiki data. These escalated permissions persist across sessions because the access table itself is updated.

Recommendations: As a temporary workaround, restrict access to the '/{owner}/{repo}/settings/collaboration/access mode' endpoint or avoid using the mode parameter with a value of 4 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
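To make the off-by-one concrete, the following is an added Go example (not Gogs's own code) that contrasts an inclusive upper-bound check letting mode 4 through with one bounded at the highest collaborator role, and adds an audit over constructed access-table rows that finds collaborators already holding owner-level access, which is what the persistence noted above means for a defender. The AccessMode constant names and the values below 4 are assumed for the example; only "4 means owner" comes from the advisory.

```go
package main

import "fmt"

// Access levels ordered as the advisory describes: 4 is owner. Values below 4 are assumed here, not taken from Gogs.
type AccessMode int

const (
	AccessModeNone  AccessMode = iota // 0
	AccessModeRead                    // 1
	AccessModeWrite                   // 2
	AccessModeAdmin                   // 3
	AccessModeOwner                   // 4: must never be assignable to a collaborator
)

// VulnerableModeOK mirrors the off-by-one the advisory describes: the upper bound is inclusive, so 4 (owner) passes.
func VulnerableModeOK(mode AccessMode) bool {
	return mode > AccessModeNone && mode <= AccessModeOwner
}

// HardenedModeOK bounds the input by the highest collaborator role (admin),
// so owner and anything above it is rejected before the access table is touched.
func HardenedModeOK(mode AccessMode) bool {
	return mode >= AccessModeRead && mode <= AccessModeAdmin
}

// Collaboration is a constructed stand-in for one row of the access table.
type Collaboration struct {
	RepoID, UserID int64
	Mode           AccessMode
}

// AuditCollaborations returns rows where a collaborator holds owner-level access.
// Because the escalation persists in the access table, auditing stored rows finds one that already happened.
func AuditCollaborations(rows []Collaboration) []Collaboration {
	var flagged []Collaboration
	for _, c := range rows {
		if c.Mode >= AccessModeOwner {
			flagged = append(flagged, c)
		}
	}
	return flagged
}

func main() {
	fmt.Println(VulnerableModeOK(AccessModeOwner), HardenedModeOK(AccessModeOwner)) // true false
	rows := []Collaboration{{1, 10, AccessModeWrite}, {1, 11, AccessModeOwner}}    // constructed sample
	fmt.Println(AuditCollaborations(rows))                                          // [{1 11 4}]
}
```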

Weakness Enumeration

Related Identifiers

CVE-2026-52804
GHSA-4565-R4X7-HG8J

Affected Products

Gogs