Critical Vulnerability CVE-2026-58426 Discovered in Gitea Actions Artifacts V4

Critical Vulnerability CVE-2026-58426 Discovered in Gitea Actions Artifacts V4

First seen 5 Jul 2026, 05:49 UTC Feedlycvefeed.iowww.thehackerwire.comvuldb.com 89% similarity 66.6

Article Content

Browse articles
ThreatCluster

CVE-2026-58426, published on July 3, 2026, reveals a critical vulnerability in Gitea Actions Artifacts V4. This flaw allows attackers to exploit HMAC ambiguities in signed URLs, enabling unauthorized cross-repository artifact reads and task state modifications. The vulnerability has been assigned a CVSS base score of 9.6, indicating its high severity. Currently, there are no public proof-of-concept exploits or patches available. Analysts are advised to monitor Gitea's official channels for updates. The scope of impact includes all versions of Gitea Actions Artifacts V4 up to 1.26.1. The lack of mitigation details raises concerns about potential exploitation in the wild.

Key Points: • CVE-2026-58426 has a CVSS score of 9.6, indicating critical severity. • The vulnerability allows unauthorized access to artifacts and task state modifications. • No public exploits or patches are currently available for this vulnerability.

ThreatCluster AI

Timeline

2026-07-03
CVE-2026-58426 published
Gitea disclosed a critical vulnerability in Actions Artifacts V4 affecting all versions up to 1.26.1.
cvefeed.io
2026-07-04
First details released by NNVD
NNVD published initial information on CVE-2026-58426, confirming its critical nature and CVSS score.
Feedly

Community

Browse all →