# CVE-2026-52813

## Summary

Gogs path traversal in organization name results in RCE through Git hooks

## Description

Gogs < 0.14.3 accepts organization names containing path traversal sequences such as ../. Repository paths under such organizations can be written outside the intended base directory, allowing nested Git repository structures to overwrite another repository's hooks configuration and achieve remote code execution through Git hooks. Reproduction should use a real Gogs server/API and real Git repository operations only, and verify filesystem path traversal plus hook overwrite behavior on affected versions versus fixed 0.14.3.

## Metadata

- Product: Gogs
- Severity: critical
- Status: open
