Unauthenticated ReDoS in Gitea by Go-Gitea
CVE-2026-58421

Currently unrated

Key Information:

Vendor

Gitea

CVE Published:
3 July 2026

What is CVE-2026-58421?

A vulnerability has been identified in Gitea that allows for denial of service through unauthenticated exploitation of pattern matching within the CODEOWNERS file. Attackers can craft malicious inputs that, when processed, may cause excessive resource consumption and disrupt service availability. This issue especially impacts users of Gitea versions 1.26.3 and 1.26.4, and timely remediation through updates is recommended to maintain system integrity.

Affected Version(s)

Gitea Open Source Git Server 0 < 1.26.2

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

AdamKorcz