
CVE-2026-58421: Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

AI Predicted: 5.3 · Difficulty: Easy

Possible ATT&CK Techniques (1, AI-generated):

T1499 · Endpoint Denial of Service

I. Basic Information for CVE-2026-58421

Vulnerability Information


Vulnerability Title: Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service (Source: NVD, National Vulnerability Database)
Vulnerability Description: Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service (Source: NVD)
CVSS Information: N/A (Source: NVD)
Vulnerability Type: Improper Access Control (Source: NVD)

Affected Products

Vendor: Gitea
Product: Gitea Open Source Git Server
Affected Versions: 0 ~ 1.26.2
CPE: -

II. Public POCs for CVE-2026-58421

No public POC found.

III. Intelligence Information for CVE-2026-58421


Patches & Fixes for CVE-2026-58421 (1)

Vendor Advisories for CVE-2026-58421 (1)

Security Blog Posts for CVE-2026-58421 (1)

Vendor Pages for CVE-2026-58421 (1)

Same Patch Batch · Gitea · 2026-07-03 · 40 CVEs total

CVE-2026-20896 · 9.8 CRITICAL · Gitea Docker image trusts spoofable reverse-proxy headers by default
CVE-2026-58426 · 9.6 CRITICAL · Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read
CVE-2026-22874 · 9.6 CRITICAL · Gitea webhook and migration allow-list filtering permits SSRF
CVE-2026-58424 · 8.9 HIGH · Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-28737 · 8.7 HIGH · Gitea 3D file viewer allows stored XSS through glTF extensionsRequired
CVE-2026-26231 · 8.5 HIGH · Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
CVE-2026-28699 · 8.1 HIGH · Gitea Basic Auth bypasses OAuth2 access token scopes
CVE-2026-28744 · 8.1 HIGH · Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
CVE-2026-22555 · 8.1 HIGH · Gitea organization forks can expose organization secrets without create permission
CVE-2026-58423 · 7.7 HIGH · LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to pr
CVE-2026-28740 · 7.1 HIGH · Gitea LFS object reuse bypasses Code-unit authorization
CVE-2026-20779 · 7.1 HIGH · Gitea TOTP single-use enforcement defect allows OTP replay
CVE-2026-58418 · 6.5 MEDIUM · SSRF via HTTP Redirect in Repository Migration
CVE-2026-27783 · 4.3 MEDIUM · Gitea issue-template APIs bypass repository unit authorization
CVE-2026-27761 · 4.3 MEDIUM · Gitea repository feeds bypass API token scope enforcement
CVE-2026-25714 · 4.3 MEDIUM · Gitea user organization API bypasses public-only token filtering
CVE-2026-20706 · (no score) · Gitea repository archive downloads bypass token scope checks
CVE-2026-20909 · (no score) · Gitea tracked-time list endpoint has insufficient permission checks
CVE-2026-58419 · (no score) · Notification API leaks private issue metadata after access revocation
CVE-2026-28705 · (no score) · Gitea repository dumps write release assets using unsafe path names

Showing top 20 of 40 CVEs.

IV. Related Vulnerabilities

V. Comments for CVE-2026-58421

No comments yet
