Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-28705— Gitea repository dumps write release assets using unsafe path names

AI Predicted 7.5 Difficulty: Easy EPSS 0.37% · P29

Affected Version Matrix 1

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server< 1.25.5affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-28705

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gitea repository dumps write release assets using unsafe path names
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gitea 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gitea是Gitea组织开源的一个基于Go开发的轻量型git服务。 Gitea 1.25.5之前版本存在路径遍历漏洞,该漏洞源于转储发布资源时,将发布标签名称和资源名称用作文件系统路径组件,允许特制名称影响转储输出路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
GiteaGitea Open Source Git Server 0 ~ 1.25.5 -

II. Public POCs for CVE-2026-28705

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-28705

登录查看更多情报信息。

Patches & Fixes for CVE-2026-28705 (1)

Security Blog Posts for CVE-2026-28705 (1)

Vendor Pages for CVE-2026-28705 (1)

Same Patch Batch · Gitea · 2026-07-03 · 40 CVEs total

CVE-2026-208969.8 CRITICALGitea Docker image trusts spoofable reverse-proxy headers by default
CVE-2026-584269.6 CRITICALGitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read
CVE-2026-228749.6 CRITICALGitea webhook and migration allow-list filtering permits SSRF
CVE-2026-584248.9 HIGHPermanent Fork PR Workflow Approval Gate Bypass
CVE-2026-287378.7 HIGHGitea 3D file viewer allows stored XSS through glTF extensionsRequired
CVE-2026-262318.5 HIGHGitea maintainer-edit permissions allow unauthorized commits to readable repositories
CVE-2026-286998.1 HIGHGitea Basic Auth bypasses OAuth2 access token scopes
CVE-2026-287448.1 HIGHGitea Git smart HTTP bypasses repository token scopes for bearer tokens
CVE-2026-225558.1 HIGHGitea organization forks can expose organization secrets without create permission
CVE-2026-584237.7 HIGHLFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to pr
CVE-2026-287407.1 HIGHGitea LFS object reuse bypasses Code-unit authorization
CVE-2026-207797.1 HIGHGitea TOTP single-use enforcement defect allows OTP replay
CVE-2026-584186.5 MEDIUMSSRF via HTTP Redirect in Repository Migration
CVE-2026-277834.3 MEDIUMGitea issue-template APIs bypass repository unit authorization
CVE-2026-277614.3 MEDIUMGitea repository feeds bypass API token scope enforcement
CVE-2026-257144.3 MEDIUMGitea user organization API bypasses public-only token filtering
CVE-2026-20706Gitea repository archive downloads bypass token scope checks
CVE-2026-20909Gitea tracked-time list endpoint has insufficient permission checks
CVE-2026-58421Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58419Notification API leaks private issue metadata after access revocation

Showing top 20 of 40 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-28705

No comments yet


Leave a comment