SSRF Vulnerability in Gitea Affected by HTTP Redirect Issues
CVE-2026-58418
6.5 MEDIUM
What is CVE-2026-58418?
This vulnerability allows Server-Side Request Forgery (SSRF) through improper handling of HTTP redirects during repository migration in Gitea. An attacker who exploits this weakness may gain unauthorized access to internal services or sensitive data. It is crucial for users of Gitea v1.26.3 and v1.26.4 to apply the necessary patches to mitigate this risk.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.25.4
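
A generic defence against redirect-based SSRF of the kind described above, as an added example (not Gitea's code or its patch): each redirect hop is re-validated, and a dial-time check refuses internal addresses after DNS resolution. The names `isInternal`, `checkRedirect`, `dialControl` and `newFetchClient` are hypothetical, and the addresses in `main` are constructed samples.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"syscall"
	"time"
)

// isInternal reports whether ip must never be reached by a server-side fetch.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// checkRedirect re-validates every Location hop instead of trusting the first URL.
func checkRedirect(req *http.Request, via []*http.Request) error {
	if len(via) >= 5 {
		return fmt.Errorf("stopped after %d redirects", len(via))
	}
	if ip := net.ParseIP(req.URL.Hostname()); ip != nil && isInternal(ip) {
		return fmt.Errorf("redirect to internal address %s refused", ip)
	}
	return nil
}

// dialControl runs after DNS resolution on every connection, redirected or not.
func dialControl(_, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || isInternal(ip) {
		return fmt.Errorf("dial to %s refused", address)
	}
	return nil
}

// newFetchClient sets no proxy, so dialControl sees the real peer address.
func newFetchClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: dialControl}
	return &http.Client{Timeout: 30 * time.Second, CheckRedirect: checkRedirect,
		Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() { // constructed addresses: loopback, link-local, public
	for _, a := range []string{"127.0.0.1:3000", "169.254.169.254:80", "93.184.216.34:443"} {
		fmt.Println(a, "->", dialControl("tcp", a, nil))
	}
}
```

`isInternal` covers only the ranges Go's `net.IP` helpers classify (RFC 1918, RFC 4193, loopback, link-local, multicast); extend it for ranges such as 100.64.0.0/10 if your network uses them.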
