CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
Configurations

No configuration.

History

07 Jul 2026, 18:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

03 Jul 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 21:16

Updated : 2026-07-07 18:16


NVD link : CVE-2026-28705

Mitre link : CVE-2026-28705

CVE.ORG link : CVE-2026-28705


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')