CVE-2026-28705

Severity CVSS v4.0: Pending analysis
Type: CWE-22 Path Traversal
Publication date: 03/07/2026
Last modified: 03/07/2026

Description

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
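The flaw class described above, as an added Go example that is not Gitea's code or its actual fix: a naive join that treats untrusted names as path syntax, next to a version that maps each name to one path component and checks containment. The function names, the percent-encoding scheme and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

var ErrUnsafeName = errors.New("name cannot be used as a path component")

// NaiveAssetPath shows the flaw class: untrusted names go straight into Join,
// so separators and ".." inside them are interpreted as path syntax.
func NaiveAssetPath(root, tag, asset string) string {
	return filepath.Join(root, tag, asset)
}

// component maps an untrusted name to exactly one path component.
// PathEscape encodes "/", "\" and "%", so the mapping is reversible and a
// tag such as "release/v1" no longer creates a nested directory.
func component(name string) (string, error) {
	if name == "" || name == "." || name == ".." {
		return "", ErrUnsafeName
	}
	return url.PathEscape(name), nil
}

// SafeAssetPath builds root/<tag>/<asset> and verifies containment in root.
func SafeAssetPath(root, tag, asset string) (string, error) {
	t, err := component(tag)
	if err != nil {
		return "", fmt.Errorf("tag %q: %w", tag, err)
	}
	a, err := component(asset)
	if err != nil {
		return "", fmt.Errorf("asset %q: %w", asset, err)
	}
	p := filepath.Join(root, t, a)
	// Defence in depth: the joined path must still resolve under root.
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeName
	}
	return p, nil
}

func main() { // constructed sample names, not taken from the advisory
	fmt.Println(NaiveAssetPath("/dump", "../../tmp", "x"))
	fmt.Println(SafeAssetPath("/dump", "../../tmp", "x"))
}
```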

Impact