EIP-2026-104266

PRE-CVE

Gitea 1.4.0 - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104266, a PoC published by Kacper Szurek.

AI-analyzed exploit summary

This exploit chains a race condition with JWT token manipulation in Gitea 1.4.0 to obtain unauthenticated remote code execution. It abuses the LFS (Large File Storage) endpoints to overwrite server-side session files, which turns the attacker's session into an admin session, and then executes arbitrary commands through Git hooks.
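
Defensive check, added here and not part of the exploit-db entry or of Gitea's own code: the summary says the exploit drives the LFS object endpoints into writing a session file, and the Git LFS API identifies every object by its lowercase hex SHA-256, so any object identifier in a request that is not 64 hex characters, or that carries path separators or "..", is out of spec whatever the underlying bug. The script below scans access-log lines from a reverse proxy in front of Gitea and reports such requests. The URL layout /<owner>/<repo>.git/info/lfs/objects/<oid>, the combined-log-format regex and the sample traffic are assumptions for the example, not taken from the page.

```python
import re
from urllib.parse import unquote

# Git LFS object identifiers are the lowercase hex SHA-256 of the content.
OID_RE = re.compile(r"^[0-9a-f]{64}$")

# Assumed Gitea LFS object routes: /<owner>/<repo>.git/info/lfs/objects/<oid>
# plus the JSON batch API at .../info/lfs/objects/batch.
LFS_OBJECT_RE = re.compile(r"^/[^/]+/[^/]+\.git/info/lfs/objects/(?P<tail>.+)$")

# Combined-log-format line as written by nginx/Apache in front of Gitea
# (assumed format; adjust to your proxy's log_format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

REASON_SEPARATOR = "path separators or '..' inside the object identifier"
REASON_NOT_SHA256 = "object identifier is not a 64-char lowercase hex SHA-256"


def check_lfs_request(method, target):
    """Return the list of reasons an LFS request looks suspicious ([] if clean).

    Non-LFS targets and the batch endpoint are ignored; the decoded object
    identifier is checked against the SHA-256 shape the LFS API requires.
    """
    # Proxies log the raw request target, so percent-decode before inspecting.
    path = unquote(target.split("?", 1)[0])
    m = LFS_OBJECT_RE.match(path)
    if not m:
        return []
    tail = m.group("tail")
    if tail == "batch":
        return []
    reasons = []
    if "/" in tail or ".." in tail:
        reasons.append(REASON_SEPARATOR)
    if not OID_RE.match(tail):
        reasons.append(REASON_NOT_SHA256)
    # A malformed identifier on a write method is what a file-overwrite
    # attempt through the object store would look like in the proxy log.
    if reasons and method in ("PUT", "POST"):
        reasons.append(f"write method {method} to LFS object store")
    return reasons


def scan_log(lines):
    """Parse access-log lines and return one finding per suspicious LFS request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line in the expected format; skip silently
        reasons = check_lfs_request(m.group("method"), m.group("target"))
        if reasons:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "target": m.group("target"),
                "status": m.group("status"),
                "reasons": reasons,
            })
    return findings


# Constructed sample traffic (not real logs): one clean batch call, one clean
# object upload, one traversal-shaped upload, one malformed read, one non-LFS hit.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Feb/2026:10:00:01 +0000] "POST /alice/pub.git/info/lfs/objects/batch HTTP/1.1" 200 512',
    '10.0.0.5 - - [18/Feb/2026:10:00:02 +0000] "PUT /alice/pub.git/info/lfs/objects/' + "a" * 64 + ' HTTP/1.1" 200 0',
    '10.0.0.9 - - [18/Feb/2026:10:00:03 +0000] "PUT /alice/pub.git/info/lfs/objects/..%2F..%2Fsessions%2Fab%2Fcd%2Fabcd1234 HTTP/1.1" 200 0',
    '10.0.0.9 - - [18/Feb/2026:10:00:04 +0000] "GET /alice/pub.git/info/lfs/objects/not-a-hash HTTP/1.1" 404 0',
    '10.0.0.7 - - [18/Feb/2026:10:00:05 +0000] "GET /alice/pub HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['target']} -> {'; '.join(f['reasons'])}")
```

Run it against the real proxy log instead of SAMPLE_LOG after adjusting LOG_RE to the proxy's format; a hit on a write method from an IP that never authenticated is the one to chase first, since the page's prerequisites are a public repository and network reachability only.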

Description

Gitea 1.4.0 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC
by Kacper Szurek · python · webapps · multiple
https://www.exploit-db.com/exploits/44996

Classification
Working PoC: 100%
Attack type: RCE
Complexity: complex
Reliability: racy (the chain depends on winning a race condition)
Target: Gitea 1.4.0
Authentication: none required
Prerequisites: a public repository must exist on the target Gitea instance · network access to the Gitea instance
Analyzed by devstral-2 on Feb 18, 2026

Details

Status: pre-CVE (no CVE assigned)
Tracked since: Feb 18, 2026