GHSA-vhq7-fwwh-7hjfCriticalCVSS 9.8

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre...

Published
July 3, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

🔗 References (5)