Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-28744— Gitea Git smart HTTP bypasses repository token scopes for bearer tokens

CVSS 8.1 · High EPSS 0.34% · P26

Possible ATT&CK Techniques 1AI

T1528 · Steal Application Access Token

Affected Version Matrix 1

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server≤ 1.26.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-28744

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gitea 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gitea是Gitea组织开源的一个基于Go开发的轻量型git服务。 Gitea 1.26.1及之前版本存在授权问题漏洞,该漏洞源于令牌范围检查绕过问题,可能导致通过bearer令牌认证的Git smart HTTP请求绕过存储库令牌范围检查。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
GiteaGitea Open Source Git Server 0 ~ 1.26.1 -

II. Public POCs for CVE-2026-28744

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8419 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-28744

登录查看更多情报信息。

Patches & Fixes for CVE-2026-28744 (1)

Vendor Advisories for CVE-2026-28744 (1)

Security Blog Posts for CVE-2026-28744 (1)

Vendor Pages for CVE-2026-28744 (1)

Same Patch Batch · Gitea · 2026-07-03 · 40 CVEs total

CVE-2026-208969.8 CRITICALGitea Docker image trusts spoofable reverse-proxy headers by default
CVE-2026-584269.6 CRITICALGitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read
CVE-2026-228749.6 CRITICALGitea webhook and migration allow-list filtering permits SSRF
CVE-2026-584248.9 HIGHPermanent Fork PR Workflow Approval Gate Bypass
CVE-2026-287378.7 HIGHGitea 3D file viewer allows stored XSS through glTF extensionsRequired
CVE-2026-262318.5 HIGHGitea maintainer-edit permissions allow unauthorized commits to readable repositories
CVE-2026-286998.1 HIGHGitea Basic Auth bypasses OAuth2 access token scopes
CVE-2026-225558.1 HIGHGitea organization forks can expose organization secrets without create permission
CVE-2026-584237.7 HIGHLFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to pr
CVE-2026-287407.1 HIGHGitea LFS object reuse bypasses Code-unit authorization
CVE-2026-207797.1 HIGHGitea TOTP single-use enforcement defect allows OTP replay
CVE-2026-584186.5 MEDIUMSSRF via HTTP Redirect in Repository Migration
CVE-2026-277834.3 MEDIUMGitea issue-template APIs bypass repository unit authorization
CVE-2026-277614.3 MEDIUMGitea repository feeds bypass API token scope enforcement
CVE-2026-257144.3 MEDIUMGitea user organization API bypasses public-only token filtering
CVE-2026-20706Gitea repository archive downloads bypass token scope checks
CVE-2026-20909Gitea tracked-time list endpoint has insufficient permission checks
CVE-2026-58421Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58419Notification API leaks private issue metadata after access revocation
CVE-2026-28705Gitea repository dumps write release assets using unsafe path names

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-28744

No comments yet


Leave a comment