CVE Catalog

CVE-2026-26307

Low risk · EPSS 7%
Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile — higher than 7% of all known CVEs

Summary

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.

Risk Assessment

An attacker can send long-running grep queries, exhausting server resources (CPU, memory) and potentially causing a denial of service (DoS).

Recommendation

Immediately upgrade Gitea to version 1.25.5 or later, which introduces a timeout for git grep operations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS