CVE-2026-52813 — Gogs path traversal in organization name -> RCE via Git hooks vulnerable_commit=5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb (v0.14.2) fixed_commit=3ba8aca90e17e5410b7e8b227c9f29256ac3e875 (v0.14.3) vulnerable_successful_attempts=2 (of 2) # each: org 201 + nested repo outside ROOT + executable hook planted + RCE marker written fixed_negative_control_attempts=2 (of 2) # each: org creation rejected (422), no nested repo, no RCE observed_impact=code_execution