SecBoard

CVE-2026-28699

HIGH (8.1)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Risk Signal Score: 25/100 (MEDIUM)
  • CVSS 8.1 (High)

EPSS Score

1%

Exploit probability (30 days)

CVSS Score

8.1

Technical severity

Description

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.

GitHub Advisories

GHSA-9r5x-wg6m-x2rc HIGH

Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication

go/code.gitea.io/gitea 1.26.2
GitHub Advisory

References