Auth bypass in Gitea Open Source Git Server

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References