A vulnerability was found in Gogs up to 0.14.2 . It has been rated as problematic . Impacted is the function bluemonday.UGCPolicy of the file /-/api/sanitize_ipynb . Performing a manipulation results in basic cross site scripting. This vulnerability was named CVE-2026-52816 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.