cvefeed.io
Critical Vulnerability CVE-2026-58426 Discovered in Gitea Actions Artifacts V4
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2026-58426, published on July 3, 2026, reveals a critical vulnerability in Gitea Actions Artifacts V4. This flaw allows attackers to exploit HMAC ambiguities in signed URLs, enabling unauthorized cross-repository artifact reads and task state modifications. The vulnerability has been assigned a CVSS base score of 9.6, indicating its high severity. Currently, there are no public proof-of-concept exploits or patches available. Analysts are advised to monitor Gitea's official channels for updates. The scope of impact includes all versions of Gitea Actions Artifacts V4 up to 1.26.1. The lack of mitigation details raises concerns about potential exploitation in the wild.
Key Points: • CVE-2026-58426 has a CVSS score of 9.6, indicating critical severity. • The vulnerability allows unauthorized access to artifacts and task state modifications. • No public exploits or patches are currently available for this vulnerability.