CVE-2026-33353

High CVSS: 7.1

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. This issue has been patched in version 0.11.6.

Vendor

Charm

Product

Soft Serve

CWE

CWE-200

Yayın Tarihi

2026-03-24 20:16:29

Güncelleme

2026-03-25 21:59:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Soft Serve HIGH Charm 2026

Referanslar

https://github.com/charmbracelet/soft-serve/commit/c147421caf234bcfc1570c79d728ecbbe5813e55 https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.6 https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-xgxp-f695-6vrp https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-xgxp-f695-6vrp

Benzer Kayıtlar

Critical

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authentic…

High

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication…

Medium

CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the L…

Critical

CVE-2025-64522

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where…

Medium

CVE-2025-22130

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing…