SUSE CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353

CVE-2026-33353 affects Soft Serve: from v0.6.0 to before v0.11.6 an authorization flaw in repo import permits any authenticated SSH user to clone a server-local Git repository (even another user’s private repo) into a new repository under their control. The issue is mitigated by upgrading to v0.1...

CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

EUVD-2026-14013

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

Soft Serve 安全漏洞

Soft Serve is a self-hosted command-line Git server developed by Charm. Versions of Soft Serve from 0.6.0 to 0.11.6 contained security vulnerabilities. These vulnerabilities were due to an authorization flaw in repository imports, which allowed any authenticated SSH user to clone the server’s loc...

GO-2026-4788 In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve

In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve...

In Soft Serve, an authenticated repo import can clone server-local private repositories

Summary An authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This breaks the private-repository confidentiality boundary and should be treated as High severity...

GO-2026-4634 soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import in github.com/charmbracelet/soft-serve

soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import in github.com/charmbracelet/soft-serve...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

Soft Serve 代码问题漏洞

Soft Serve is an open-source, self-hosted command-line Git server developed by Charm. Versions of Soft Serve from 0.6.0 to 0.11.4 had code vulnerabilities. These vulnerabilities allowed authenticated SSH users to force the server to send HTTP requests to internal IP addresses through a specially...

SUSE CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

GO-2026-4353 Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve

Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve...

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...