PT-2026-55607 · Gitea · Gitea Open Source Git Server
M2Hcz
·
Published
2026-07-03
·
Updated
2026-07-03
·
CVE-2026-28740
CVSS v3.1
7.1
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.
Fix
IDOR
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitea Open Source Git Server