HIGH | CVE-2026-28744 | CNA: Gitea
CVE-2026-28744: Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
Affected packages
- Gitea / Gitea Open Source Git Server ≤ 1.26.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N