VDB

GO-2025-4261

GO-2025-4261 PUBLISHED

Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

Affected Products

VendorProductVersions
code.gitea.iogitea0, 0

Timeline

  • Dec 30, 2025 CVE Published
  • Mar 3, 2026 CVE Updated
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›