ID:12788 - Exploit for Improper Verification of Cryptographic Signature in Gitea - CVE-2026-58426

 
Main Vulnerability Database Exploits ID:12788 - Exploit for Improper Verification of Cryptographic Signature in Gitea - CVE-2026-58426

ID:12788 - Exploit for Improper Verification of Cryptographic Signature in Gitea - CVE-2026-58426

Published: July 1, 2026


Vulnerability identifier: #VU136614
Vulnerability risk: Medium
CVE-ID: CVE-2026-58426
CWE-ID: CWE-347
Exploitation vector: Remote access
Vulnerable software:
Gitea

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due a cross-task and cross-repository authorization bypass in Actions artifact handling. A remote user can read/write artifacts on the system.


Remediation

Install updates from vendor's website.