ID:12790 - Exploit for Improper Authentication in Gitea - CVE-2026-58423

 
Main Vulnerability Database Exploits ID:12790 - Exploit for Improper Authentication in Gitea - CVE-2026-58423

ID:12790 - Exploit for Improper Authentication in Gitea - CVE-2026-58423

Published: July 1, 2026


Vulnerability identifier: #VU136606
Vulnerability risk: Medium
CVE-ID: CVE-2026-58423
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Gitea

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in SSH LFS sub-verb handling. A remote user can bypass authentication process and gain read access to private repositories.


Remediation

Install updates from vendor's website.