Main
Vulnerability Database
Exploits
ID:12788 - Exploit for Improper Verification of Cryptographic Signature in Gitea - CVE-2026-58426
ID:12788 - Exploit for Improper Verification of Cryptographic Signature in Gitea - CVE-2026-58426
Published: July 1, 2026
Vulnerability identifier: #VU136614
Vulnerability risk: Medium
CVE-ID: CVE-2026-58426
CWE-ID: CWE-347
Exploitation vector: Remote access
Vulnerable software:
Gitea
Gitea
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due a cross-task and cross-repository authorization bypass in Actions artifact handling. A remote user can read/write artifacts on the system.
Remediation
Install updates from vendor's website.