CVE-2026-28705

Summary

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 < 1.25.5affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory

References