Path Traversal Vulnerability in Gitea Affects Asset Management
CVE-2026-28705
Currently unrated
What is CVE-2026-28705?
Gitea versions prior to 1.25.5 are susceptible to a path traversal vulnerability because release tag names and asset names are used as filesystem path components. An attacker can craft malicious names that manipulate dump output paths during the export of release assets, potentially leading to unauthorized access or disclosure of sensitive information. Users are strongly encouraged to update to version 1.25.5 or later to mitigate this risk. For more details, check the release notes and patches associated with this issue.
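The bug class described above, shown as an added Go example that is not Gitea's code or its patch: an unchecked join of untrusted names next to a version that validates each name and confirms the result stays under the dump directory. The function names, `ErrUnsafeName`, the `releases/<tag>/<asset>` layout and `/srv/dump` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrUnsafeName = errors.New("unsafe path component") // hypothetical sentinel error

// naiveAssetPath joins untrusted names straight into the output path (the weak pattern).
func naiveAssetPath(dumpDir, tag, asset string) string {
	return filepath.Join(dumpDir, "releases", tag, asset)
}

// safeComponent accepts only a name that is a single directory entry.
// Assumption: names containing "/" are rejected here; a real exporter may encode them instead.
func safeComponent(name string) error {
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\\\x00") {
		return fmt.Errorf("%w: %q", ErrUnsafeName, name)
	}
	return nil
}

// safeAssetPath validates both names, then re-checks containment as a second layer.
func safeAssetPath(dumpDir, tag, asset string) (string, error) {
	for _, n := range []string{tag, asset} {
		if err := safeComponent(n); err != nil {
			return "", err
		}
	}
	base := filepath.Join(dumpDir, "releases")
	p := filepath.Join(base, tag, asset)
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: escapes %s", ErrUnsafeName, base)
	}
	return p, nil
}

func main() {
	// Constructed sample names, not taken from the advisory.
	fmt.Println("naive:", naiveAssetPath("/srv/dump", "../../outside", "notes.txt"))
	for _, tag := range []string{"v1.0.0", "../../outside"} {
		p, err := safeAssetPath("/srv/dump", tag, "notes.txt")
		fmt.Printf("safe: tag=%q path=%q err=%v\n", tag, p, err)
	}
}
```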
Affected Version(s)
Gitea Open Source Git Server 0 < 1.25.5
