Large File Uploads Can Crash Forgejo

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Large File Uploads Can Crash Forgejo

CVE-2025-68971

Summary

A large file upload in Forgejo can cause the application to freeze or crash, making it unavailable. This issue affects Forgejo versions up to 13.0.3. To fix this, update to a newer version of Forgejo that addresses this issue.

Original title

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

Original description

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973
https://codeberg.org/forgejo/forgejo
https://zenodo.org/records/18945481

Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026