3 matches found
CVE-2026-28740
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...
CVE-2026-28740
CVE-2026-28740 affects Gitea up to version 1.26.2. The issue allows Git LFS object reuse to authorize private source objects for users with repository access but without Code-unit access (root cause: LFS object reuse bypassing Code-unit authorization). Impact is unauthorized access to private sou...
gitea -- multiple vulnerabilities
The Gitea team reports: CVE-2026-27783: incorrect read permission check CVE-2026-25714: public-only token filtering bypass CVE-2026-20706: missing token scope checking CVE-2026-27771: unauthenticated access to private container images CVE-2026-28744: git smart HTTP request scope bug CVE-2026-2869...