SSRF Vulnerability in Gitea Affected by HTTP Redirect Issues
CVE-2026-58418

6.5 MEDIUM

Key Information:

Vendor: Gitea
CVE Published: 3 July 2026

What is CVE-2026-58418?

This vulnerability allows for Server-Side Request Forgery (SSRF) through improper handling of HTTP redirects during repository migration in Gitea. An attacker can exploit this weakness, potentially leading to unauthorized access to internal services or sensitive data. It is crucial for users of Gitea v1.26.3 and v1.26.4 to apply the necessary patches to mitigate this risk.

Affected Version(s)

Gitea Open Source Git Server 0 <= 1.25.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

moltenbit