CVE-2026-58426

Summary

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server1.22.0 <= 1.26.1affected

Weaknesses

  • CWE-347: CWE-347

References