CVE Field Guide
About Us
CVE-2026-58418
PUBLISHED
SSRF via HTTP Redirect in Repository Migration
Assigner:
Gitea
Reserved:
30.06.2026
Published:
03.07.2026
Updated:
03.07.2026
SSRF via HTTP Redirect in Repository Migration
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score:
6.5
CVSS score
6.5
Attack Vector
Network
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
High
Privileges Required
Low
Integrity Impact
None
User Interaction
None
Availability Impact
None
CVSS 3.1
Product Status
Vendor
Gitea
Product
Gitea Open Source Git Server
Versions
Default:
unaffected
affected from 0 to 1.25.4 (incl.)
Credits
moltenbit
reporter
References
GitHub Security Advisory
GitHub Pull Request #38108
Gitea v1.26.4 Release
Gitea v1.26.4 Release Blog Post
Problem Types
CWE-918
CWE