https://cybercrime.club/tags/git-rebase/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usFri, 29 May 2026 11:09:16 -0400https://cybercrime.club/posts/gogs-unpatched-rce-git-rebase-exec-argument-injection/Fri, 29 May 2026 11:09:16 -0400https://cybercrime.club/posts/gogs-unpatched-rce-git-rebase-exec-argument-injection/Rapid7 disclosed an unpatched CVSS 9.4 RCE in Gogs. A malicious branch name injects --exec into git rebase during 'Rebase before merging,' giving any registered user code execution on the server. No CVE, no fix — only config-level mitigations.vulnerability