CVE-2026-28744

Summary

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 <= 1.26.1affected

Weaknesses

  • CWE-863: CWE-863

References