All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-28744
HIGHpublished 2026-07-03 21:17 UTC · 18 hours ago
8.1
CVSS / 10
// description
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
// weaknesses (CWE)
- CWE-863