Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-26292
PUBLISHED
More InfoOfficial Page
Assigner-Gitea
Assigner Org ID-88ee5874-cf24-4952-aea0-31affedb7ff2
View Known Exploited Vulnerability (KEV) details
Published At-03 Jul, 2026 | 20:19
Updated At-03 Jul, 2026 | 20:19
Rejected At-
▼CVE Numbering Authority (CNA)
Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.

Affected Products
Vendor
Gitea
Product
Gitea Open Source Git Server
Default Status
unaffected
Versions
Affected
  • From 0 before 1.25.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284
Type: CWE
CWE ID: CWE-284
Description: CWE-284
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
allsmog
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/go-gitea/gitea/pull/36665
patch
https://github.com/go-gitea/gitea/pull/36691
patch
https://github.com/go-gitea/gitea/releases/tag/v1.25.5
release-notes
https://blog.gitea.com/release-of-1.25.5/
release-notes
Hyperlink: https://github.com/go-gitea/gitea/pull/36665
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/pull/36691
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/releases/tag/v1.25.5
Resource:
release-notes
Hyperlink: https://blog.gitea.com/release-of-1.25.5/
Resource:
release-notes
Details not found