CVE-2026-28744

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
Configurations

No configuration.

History

06 Jul 2026, 16:16

Type Values Removed Values Added
References () https://github.com/go-gitea/gitea/security/advisories/GHSA-cc8w-r4qh-3v65 - () https://github.com/go-gitea/gitea/security/advisories/GHSA-cc8w-r4qh-3v65 -

03 Jul 2026, 21:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 21:17

Updated : 2026-07-06 18:17


NVD link : CVE-2026-28744

Mitre link : CVE-2026-28744

CVE.ORG link : CVE-2026-28744


JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization