Gitea Git LFS Authorization Flaw in Version 1.26.2
CVE-2026-28740
7.1 HIGH
What is CVE-2026-28740?
Gitea, an open-source self-hosted Git service, has a vulnerability that allows Git LFS (Large File Storage) objects to be reused, which can give users access to private source objects within repositories even though they lack proper Code-unit access. This authorization flaw enables unauthorized access to sensitive data and should be patched promptly to safeguard repository integrity.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.26.2
