CVE-2026-27780

Summary

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 < 1.26.0affected

Weaknesses

  • CWE-863: Incorrect Authorization

References