Buffer Overflow Vulnerability in Gitea Branch Protection Mechanism
CVE-2026-27780

Currently unrated

Key Information:

Vendor

Gitea

CVE Published:
3 July 2026

What is CVE-2026-27780?

In Gitea versions before 1.26.0, a vulnerability weakens the branch protection mechanism. Specifically, the application does not properly handle errors returned by bufio.Scanner while processing input for pre-receive hooks. As a result, oversized inputs can bypass the established branch protection checks, potentially leading to unauthorized changes. Users are encouraged to upgrade to version 1.26.0 or later to mitigate this risk.
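The class of bug described above, shown as an added Go example that is a simplified model and not Gitea's code: a bufio.Scanner loop that never inspects the scanner's error, beside a version that fails closed. The function names, the protected-ref map and the sample input are assumptions made for illustration; the line layout follows Git's pre-receive hook input format.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

var errProtected = errors.New("update to protected branch rejected")

// scanRefs models a per-line check over pre-receive input, where each line is
// "<old-sha> <new-sha> <refname>". Scan() returns false at EOF and on error.
func scanRefs(sc *bufio.Scanner, protected map[string]bool) error {
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) == 3 && protected[f[2]] {
			return errProtected
		}
	}
	return nil
}

// checkUnchecked is the flawed pattern: sc.Err() is never inspected.
func checkUnchecked(r io.Reader, protected map[string]bool) error {
	return scanRefs(bufio.NewScanner(r), protected)
}

// checkFailClosed rejects the push when the input could not be read in full.
func checkFailClosed(r io.Reader, protected map[string]bool) error {
	sc := bufio.NewScanner(r)
	if err := scanRefs(sc, protected); err != nil {
		return err
	}
	if err := sc.Err(); err != nil {
		return fmt.Errorf("pre-receive input not fully read: %w", err)
	}
	return nil
}

// constructedInput is sample data: an over-long line, then a protected-ref update.
func constructedInput() io.Reader {
	long := strings.Repeat("a", bufio.MaxScanTokenSize+1)
	return strings.NewReader("0000 1111 refs/heads/" + long + "\n2222 3333 refs/heads/main\n")
}

func main() {
	p := map[string]bool{"refs/heads/main": true}
	fmt.Println(checkUnchecked(constructedInput(), p), "|", checkFailClosed(constructedInput(), p))
}
```

When a token exceeds the scanner's buffer, Scan() stops with bufio.ErrTooLong, so every later line goes unexamined unless the caller checks Err() and rejects the input.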

Affected Version(s)

Gitea Open Source Git Server 0 < 1.26.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yonatan-pl