CVE Catalog
CVE-2026-58423
High (CVSS 7.7)
Exploitation Probability (EPSS): Low risk, 0.31%
23rd percentile: higher than 23% of all known CVEs
Summary
A vulnerability in the LFS (Large File Storage) system allows authentication bypass via a malformed SSH sub-verb. An attacker can gain unauthorized read access to private repositories.
Risk Assessment
The organization is at risk of confidential data leakage from private repositories, potentially leading to intellectual property or trade secret exposure.
Recommendation
Immediately update the LFS system to the latest patched version. Additionally, restrict SSH access to trusted IP addresses.
Original NVD description (English source)
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

