CVE-2026-22253 | charmbracelet soft-serve up to 0.11.1 LFS Lock Deletion Endpoint authorization

A vulnerability has been found in charmbracelet soft-serve up to 0.11.1 and classified as problematic. This vulnerability affects unknown code of the component LFS Lock Deletion Endpoint. This manipulation causes incorrect authorization.

The identification of this vulnerability is CVE-2026-22253. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More