CVE-2026-28705
Gitea before version 1.25.5 is affected: release assets are dumped using the release tag names and asset names as filesystem path components, which can allow specially crafted names to influence dump output paths. The issue is fixed in the 1.25.5 release; affected users should upgrade to 1.25.5 o...