
CVE-2026-58426: Gitea Actions Signed URLs May Reveal or Alter Artifacts

Summary

Gitea Actions artifacts may be exposed or altered due to a weakness in how their URLs are signed. This could allow unauthorized access to sensitive data or tampering with project files. Update Gitea to the latest version to address this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor: gitea
Product: gitea open source git server
Affected versions: <= 1.26.1
Original title
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Original description
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
MITRE CVSS 3.1: 9.6
Vulnerability type
CWE-347 Improper Verification of Cryptographic Signature
Published: 3 Jul 2026 · Updated: 5 Jul 2026 · First seen: 3 Jul 2026