Authentication Bypass in Gitea Affects Git Smart HTTP Requests
CVE-2026-28744
8.1HIGH
What is CVE-2026-28744?
Gitea versions up to and including 1.26.1 are susceptible to an authentication bypass issue that allows Git smart HTTP requests authenticated with bearer tokens to evade repository token scope checks. This vulnerability could enable unauthorized access to repositories, thereby compromising sensitive data. Users are encouraged to upgrade to version 1.26.2 or later to mitigate this risk.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.26.1
