CVE-2026-26292

CVE-2026-26292CVE-2026-26292

Description

Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.

Scoring

Last modified2026-07-03
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.