CVE-2026-27780

Gitea pre-receive hook can miss branch-protection checks after scanner errors

EPSS 0.2% | CWE-863
Vexday Risk Score
3 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS | EPSS 0.2% | KEV: no | PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
03 Jul 2026: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.