Forwarded-Proto Injection Vulnerability in Gitea by Gitea
CVE-2026-27779

Currently unrated

Key Information:

Vendor: Gitea

CVE Published: 3 July 2026

What is CVE-2026-27779?

Gitea versions prior to 1.25.5 accept malformed or manipulated forwarded-proto values. This can lead to the generation of spoofed canonical URLs, which may facilitate various security threats, including phishing attempts and misrepresentation of services. Users are encouraged to update to the latest version to mitigate these risks.

Affected Version(s)

Gitea Open Source Git Server 0 < 1.25.5

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fed01k