CVE-2026-27780
Exploitation Probability (EPSS): Low risk, EPSS 7%
7th percentile: higher than 7% of all known CVEs
Summary
Gitea versions before 1.26.0 do not fail closed when bufio.Scanner returns an error while reading pre-receive hook input, so oversized input can bypass branch-protection checks.
Risk Assessment
An attacker can bypass branch protection controls, potentially leading to unauthorized repository changes, code integrity compromise, and malicious code injection.
Recommendation
Upgrade Gitea to version 1.26.0 or later immediately; that release includes a fix to fail closed on scanner errors.
Original NVD description (English source)
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
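
The bug class described above, as an added Go example that is not Gitea's code: a loop over bufio.Scanner that ignores Err() accepts input it never read, and the hardened variant rejects it. The isProtected helper, the checkRefs function, the 128-byte line limit and the sample input are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// isProtected is a hypothetical stand-in for a real branch-protection lookup.
func isProtected(ref string) bool { return ref == "refs/heads/main" }

// checkRefs reads "<old> <new> <ref>" lines, the format git feeds a
// pre-receive hook on stdin, and returns an error to reject the push.
// failClosed=false reproduces the bug class; failClosed=true is the hardened form.
func checkRefs(r io.Reader, maxLine int, failClosed bool) error {
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, maxLine), maxLine) // cap on one line's length
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 3 {
			return fmt.Errorf("malformed hook line")
		}
		if isProtected(f[2]) {
			return fmt.Errorf("push to protected ref %s rejected", f[2])
		}
	}
	// Scan returns false at EOF and on a read error alike (for example
	// bufio.ErrTooLong); only Err tells them apart. Ignoring it means the
	// remaining input is never checked and the push is accepted.
	if err := sc.Err(); err != nil && failClosed {
		return fmt.Errorf("rejecting push, could not read hook input: %w", err)
	}
	return nil
}

// constructedInput is sample data: one ordinary line, then one line longer than maxLine.
func constructedInput() string {
	return "0000 1111 refs/heads/feature\n" +
		"1111 2222 refs/heads/" + strings.Repeat("x", 300) + "\n"
}

func main() {
	fmt.Println("fail-open:  ", checkRefs(strings.NewReader(constructedInput()), 128, false))
	fmt.Println("fail-closed:", checkRefs(strings.NewReader(constructedInput()), 128, true))
}
```

When reviewing hook or protocol parsers, look for any `for sc.Scan()` loop whose result gates an authorization decision and confirm that `sc.Err()` is checked and treated as a rejection.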

