HIGH | CVE-2026-28744 | Published | Modified | CNA: Gitea

CVE-2026-28744: Gitea Git smart HTTP bypasses repository token scopes for bearer tokens

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

Metrics

  • CVSS v3.1: 8.1
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1

Affected packages
  • Gitea / Gitea Open Source Git Server
    ≤ 1.26.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N