Main
Vulnerability Database
Exploits
ID:12790 - Exploit for Improper Authentication in Gitea - CVE-2026-58423
ID:12790 - Exploit for Improper Authentication in Gitea - CVE-2026-58423
Published: July 1, 2026
Vulnerability identifier: #VU136606
Vulnerability risk: Medium
CVE-ID: CVE-2026-58423
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Gitea
Gitea
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in SSH LFS sub-verb handling. A remote user can bypass authentication process and gain read access to private repositories.
Remediation
Install updates from vendor's website.