Forwarded-Proto Injection Vulnerability in Gitea by Gitea
CVE-2026-27779
Currently unrated
What is CVE-2026-27779?
Gitea versions prior to 1.25.5 accept malformed or manipulated forwarded-proto values. As a result, Gitea can generate spoofed canonical URLs, which may facilitate various security threats, including phishing attempts and misrepresentation of services. Users are encouraged to update to the latest version to mitigate these risks.
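The following Go sketch is an added illustration of strict forwarded-proto handling when building canonical URLs; it is not Gitea's code or its fix. The `X-Forwarded-Proto` header name, the `trustedProxies` allow-list, the function names and the hostnames are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)
var trustedProxies = []string{"10.0.0.0/8", "127.0.0.1/32"} // constructed allow-list (assumption)

// fromTrustedProxy reports whether the direct TCP peer is an allow-listed proxy.
func fromTrustedProxy(remoteAddr string) bool {
	host, _, _ := net.SplitHostPort(remoteAddr) // host is "" on error, so ParseIP yields nil
	ip := net.ParseIP(host)
	for _, cidr := range trustedProxies {
		if _, n, err := net.ParseCIDR(cidr); err == nil && ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// requestScheme returns only "http" or "https"; anything else falls back to the socket's scheme.
func requestScheme(r *http.Request) string {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	vals := r.Header.Values("X-Forwarded-Proto")
	if !fromTrustedProxy(r.RemoteAddr) || len(vals) != 1 {
		return scheme // untrusted peer, or header missing or repeated
	}
	if v := strings.ToLower(strings.TrimSpace(vals[0])); v == "http" || v == "https" {
		scheme = v // exact match only: lists, URLs and other schemes are ignored
	}
	return scheme
}

// canonicalURL takes the host from configuration, never from the request.
func canonicalURL(r *http.Request, configuredHost string) string {
	return requestScheme(r) + "://" + configuredHost + r.URL.EscapedPath()
}

func main() {
	r, _ := http.NewRequest("GET", "http://internal/owner/repo", nil)
	r.RemoteAddr = "10.1.2.3:4000"
	r.Header.Set("X-Forwarded-Proto", "https://spoofed.example/#") // constructed malformed value
	fmt.Println(canonicalURL(r, "git.example.org"))
}
```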
Affected Version(s)
Gitea Open Source Git Server: versions 0 up to, but not including, 1.25.5
