SecBoard
Zurück zur CVE-Übersicht

CVE-2026-28744

HIGH(8.1)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Risk Signal Score25/100 — MITTEL
  • CVSS 8.1 — Hoch

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.1

Technische Schwere

Beschreibung

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

GitHub Advisories

GHSA-cc8w-r4qh-3v65HIGH

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens

go/code.gitea.io/gitea1.26.2
GitHub Advisory

Referenzen