Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
References
Configurations
No configuration.
History
06 Jul 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/go-gitea/gitea/security/advisories/GHSA-cc8w-r4qh-3v65 - |
03 Jul 2026, 21:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-03 21:17
Updated : 2026-07-06 18:17
NVD link : CVE-2026-28744
Mitre link : CVE-2026-28744
CVE.ORG link : CVE-2026-28744
JSON object : View
Products Affected
No product.
CWE
CWE-863
Incorrect Authorization
