CVE-2026-13540 | GitBucket up to 4.46.1 RepositoryCreationService.scala Git.cloneRepository.setURI url server-side request forgery (Issue 4044)
A vulnerability was found in GitBucket up to 4.46.1. It has been classified as critical. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery.
This vulnerability is reported as CVE-2026-13540. The attack is possible to be carried out remotely. Moreover, an exploit is present.
To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More