[2026-07-01T14:34:37Z] vuln_commit=5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb fixed_commit=3ba8aca90e17e5410b7e8b227c9f29256ac3e875 repo=/data/pruva/project-cache/434d5a1b-91bf-4625-a029-d1d766c01877/repo
[2026-07-01T14:34:37Z] reusing existing vuln binary (Gogs version 0.14.2)
[2026-07-01T14:34:37Z] reusing existing fixed binary (Gogs version 0.14.3)
[2026-07-01T14:34:37Z] === variant run_one vuln (port 33191) ===
[2026-07-01T14:34:39Z] vuln: non-admin user=vv-vuln-22080-30425 uid=1 is_admin=0
[2026-07-01T14:34:39Z] vuln: writer id=1 localcopy=/workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1
[2026-07-01T14:34:42Z] vuln: nonadmin is_admin=0 org=201 repo=201 nested=yes planted=yes rce=yes
[2026-07-01T14:34:42Z] === variant run_one fixed (port 33192) ===
[2026-07-01T14:34:44Z] fixed: non-admin user=vv-fixed-22080-13329 uid=1 is_admin=0
[2026-07-01T14:34:44Z] fixed: writer id=1 localcopy=/workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-fixed/data/tmp/local-r/1
[2026-07-01T14:34:45Z] fixed: nonadmin is_admin=0 org=422 repo=500 nested=no planted=no rce=no

CVE-2026-52813 VARIANT — non-admin org creation (POST /api/v1/user/orgs)
vulnerable_commit=5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb (v0.14.2)
fixed_commit=3ba8aca90e17e5410b7e8b227c9f29256ac3e875 (v0.14.3)
entrypoint=POST /api/v1/user/orgs (org.CreateMyOrg, reqToken only, NON-ADMIN)
vuln_nonadmin_rce=1 # 1 = traversal org accepted (201) + nested repo outside ROOT + executable hook planted + RCE marker written, by a NON-ADMIN user
fixed_blocked=1 # 1 = traversal org rejected (422), no nested repo, no RCE
bypass=no
observed_impact=code_execution

[2026-07-01T14:34:46Z] VERDICT: ALTERNATE TRIGGER on vulnerable only (non-admin entry point); fixed v0.14.3 blocks it -> NOT a bypass