A vulnerability, which was classified as problematic , has been found in Gogs up to 0.14.2 . Affected is the function ChangeCollaborationAccessMode . Performing a manipulation results in off-by-one. This vulnerability is reported as CVE-2026-52804 . The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.