CVE Catalog
CVE-2026-26307
Exploitation Probability (EPSS): 0.18% (low risk)
7th percentile: higher than 7% of all known CVEs
Summary
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.
Risk Assessment
An attacker can send long-running grep queries, exhausting server resources (CPU, memory) and potentially causing a denial of service (DoS).
Recommendation
Immediately upgrade Gitea to version 1.25.5 or later, which introduces a timeout for git grep operations.
Original NVD description (English source)
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.

