CVE-2025-68971 PUBLISHED

Assigner: mitre
Reserved: 27.12.2025 Published: 16.03.2026 Updated: 17.03.2026

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://codeberg.org/forgejo/forgejo
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973
https://zenodo.org/records/18945481
https://zenodo.org/records/19058493

Problem Types

n/a text