CVE-2026-28699
HIGH (8.1) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Risk Signal Score: 25/100 (MEDIUM)
- CVSS 8.1: High
EPSS Score
1%
Exploit probability (30 days)
CVSS Score
8.1
Technical severity
Description
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
GitHub Advisories
GHSA-9r5x-wg6m-x2rc HIGH
Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication
go/code.gitea.io/gitea → 1.26.2
GitHub Advisory