CVE Catalog
CVE-2026-28740
High, CVSS 7.1
Exploitation Probability (EPSS): Low risk, 0.32%
24th percentile — higher than 24% of all known CVEs
Summary
A vulnerability in Gitea up to and including version 1.26.2 allows Git LFS object reuse to authorize access to private source objects for users who have repository access but lack Code-unit access.
Risk Assessment
The risk involves unauthorized access to private data stored in Git LFS, potentially leading to leakage of sensitive information within the organization.
Recommendation
Upgrade Gitea immediately to a version later than 1.26.2 that includes the fix for this vulnerability.
Original NVD description (English source)
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.

