Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server | 0 ~ 1.26.2 | - |

| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|

No public POC found.

| CVE | CVSS Score | Title |
|---|---|---|
| CVE-2026-20896 | 9.8 CRITICAL | Gitea Docker image trusts spoofable reverse-proxy headers by default |
| CVE-2026-58426 | 9.6 CRITICAL | Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read |
| CVE-2026-22874 | 9.6 CRITICAL | Gitea webhook and migration allow-list filtering permits SSRF |
| CVE-2026-58424 | 8.9 HIGH | Permanent Fork PR Workflow Approval Gate Bypass |
| CVE-2026-28737 | 8.7 HIGH | Gitea 3D file viewer allows stored XSS through glTF extensionsRequired |
| CVE-2026-26231 | 8.5 HIGH | Gitea maintainer-edit permissions allow unauthorized commits to readable repositories |
| CVE-2026-28699 | 8.1 HIGH | Gitea Basic Auth bypasses OAuth2 access token scopes |
| CVE-2026-28744 | 8.1 HIGH | Gitea Git smart HTTP bypasses repository token scopes for bearer tokens |
| CVE-2026-22555 | 8.1 HIGH | Gitea organization forks can expose organization secrets without create permission |
| CVE-2026-58423 | 7.7 HIGH | LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to pr |
| CVE-2026-28740 | 7.1 HIGH | Gitea LFS object reuse bypasses Code-unit authorization |
| CVE-2026-20779 | 7.1 HIGH | Gitea TOTP single-use enforcement defect allows OTP replay |
| CVE-2026-58418 | 6.5 MEDIUM | SSRF via HTTP Redirect in Repository Migration |
| CVE-2026-27783 | 4.3 MEDIUM | Gitea issue-template APIs bypass repository unit authorization |
| CVE-2026-27761 | 4.3 MEDIUM | Gitea repository feeds bypass API token scope enforcement |
| CVE-2026-25714 | 4.3 MEDIUM | Gitea user organization API bypasses public-only token filtering |
| CVE-2026-20706 | - | Gitea repository archive downloads bypass token scope checks |
| CVE-2026-20909 | - | Gitea tracked-time list endpoint has insufficient permission checks |
| CVE-2026-58419 | - | Notification API leaks private issue metadata after access revocation |
| CVE-2026-28705 | - | Gitea repository dumps write release assets using unsafe path names |
Showing top 20 of 40 CVEs.