Zurück zur CVE-Übersicht
CVE-2026-28744
HIGH(8.1)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Risk Signal Score25/100 — MITTEL
- CVSS 8.1 — Hoch
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
8.1
Technische Schwere
Beschreibung
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
GitHub Advisories
GHSA-cc8w-r4qh-3v65HIGH
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
go/code.gitea.io/gitea→ 1.26.2
GitHub Advisory