CVE Catalog

CVE-2026-27780

Low risk · EPSS 7%

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Gitea before version 1.26.0 does not fail closed when bufio.Scanner returns an error while processing pre-receive hook input, so oversized input can bypass branch-protection checks.

Risk Assessment

An attacker can bypass branch protection controls, potentially leading to unauthorized repository changes, code integrity compromise, and malicious code injection.

Recommendation

Upgrade Gitea immediately to version 1.26.0 or later, which includes a fix that fails closed on scanner errors.

Original NVD description (English source)

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
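
The fail-open pattern named in the description, next to its fail-closed form, as an added Go example that is not Gitea's code. The function checkRefs, the protected-ref policy and the sample input are constructed for illustration; the only detail assumed from git is the pre-receive line format "<old> <new> <ref>".

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// protected is a constructed policy: refs that must not be updated.
var protected = map[string]bool{"refs/heads/main": true}

// checkRefs reads pre-receive lines ("<old> <new> <ref>") and returns nil
// when the push is allowed. failClosed selects the hardened behaviour.
func checkRefs(r io.Reader, failClosed bool) error {
	sc := bufio.NewScanner(r) // default token limit: bufio.MaxScanTokenSize
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 3 {
			return fmt.Errorf("malformed hook line")
		}
		if protected[f[2]] {
			return fmt.Errorf("ref %s is protected", f[2])
		}
	}
	// Scan() returns false at EOF and also on error (e.g. bufio.ErrTooLong).
	// If Err() is not checked, a read error looks like "every line passed"
	// and the remaining lines are never inspected.
	if err := sc.Err(); err != nil && failClosed {
		return fmt.Errorf("reading hook input: %w", err)
	}
	return nil
}

// sampleInput is constructed: one line longer than the scanner limit,
// followed by an update to a protected ref.
func sampleInput() string {
	long := strings.Repeat("a", bufio.MaxScanTokenSize+1)
	return "0000 1111 refs/heads/" + long + "\n0000 1111 refs/heads/main\n"
}

func main() {
	fmt.Println("fail-open:  ", checkRefs(strings.NewReader(sampleInput()), false))
	fmt.Println("fail-closed:", checkRefs(strings.NewReader(sampleInput()), true))
}
```

The fail-open call returns nil because the scanner stops at the oversized line and the protected ref is never examined; the fail-closed call rejects the whole input.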

Vulnerability data from NVD (NIST) · CISA KEV · EPSS