CVE-2026-26307

CVE-2026-26307 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-400.

Key facts

Description

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.

Frequently asked questions

What is CVE-2026-26307?
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.
Is CVE-2026-26307 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2026-26307?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2026-26307 published?
CVE-2026-26307 was published on 2026-07-03 and last updated on 2026-07-06.

References

Other CWE-400 (Uncontrolled Resource Consumption) vulnerabilities

Browse all CWE-400 (Uncontrolled Resource Consumption) vulnerabilities →