CVE Catalog

CVE-2026-58423

High · CVSS 7.7

Exploitation Probability (EPSS)

Low risk
0.31%

23rd percentile: higher than 23% of all known CVEs

Summary

A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb. An attacker can gain unauthorized read access to private repositories.

Risk Assessment

The organization is at risk of confidential data leakage from private repositories, potentially leading to intellectual property or trade secret exposure.

Recommendation

Immediately update the LFS system to the latest patched version. Additionally, restrict SSH access to trusted IP addresses.

Original NVD description (English source)

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Vulnerability data from NVD (NIST) · CISA KEV · EPSS