## https://sploitus.com/exploit?id=C2F491B0-E4A1-5E91-864E-AE16138D98DB
# CVE-2026-22874 — Gitea SSRF PoC
⚠️ **DISCLAIMER**: This PoC is ONLY for authorized testing on instances
Gitea = 1.26.3
## Legal Use Cases
- Security research with explicit authorization
- Testing in lab/development environments
- Validation of mitigations
## Mitigations If You Can't Patch
1. Disable webhooks entirely
2. Implement network egress controls
3. Block ranges mentioned in advisory
4. Use allow-list for webhook destinations
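
Mitigations 2 and 4, sketched as an added example (not code from Gitea or from this PoC): an outbound HTTP client for a service or relay that delivers webhooks, which checks the IP actually being connected to against an allow-list at dial time, so redirect targets and DNS answers pointing elsewhere are refused. The prefix `203.0.113.0/24` and the names `checkDestination` and `newWebhookClient` are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// Constructed allow-list (documentation range); replace with your real webhook receivers.
var allowedDestinations = []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")}
var errBlocked = errors.New("webhook destination not on allow-list")

// checkDestination receives the literal "ip:port" the socket is about to
// connect to, i.e. after DNS resolution, and fails closed on anything else.
func checkDestination(address string) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("%w: unparseable address %q", errBlocked, address)
	}
	ip := ap.Addr().Unmap() // judge ::ffff:a.b.c.d by its IPv4 address
	for _, p := range allowedDestinations {
		if p.Contains(ip) {
			return nil
		}
	}
	return fmt.Errorf("%w: %s", errBlocked, ip)
}

// newWebhookClient (hypothetical helper) runs checkDestination on every
// connection attempt, so redirect targets and re-resolved names are covered.
func newWebhookClient() *http.Client {
	dialer := &net.Dialer{
		Timeout: 5 * time.Second,
		Control: func(_, address string, _ syscall.RawConn) error {
			return checkDestination(address)
		},
	}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: dialer.DialContext}}
}

func main() {
	for _, a := range []string{"203.0.113.10:443", "127.0.0.1:3000", "169.254.169.254:80"} {
		fmt.Println(a, "->", checkDestination(a))
	}
}
```

Because the check runs in the dialer's `Control` hook rather than on the URL string, it sees the final resolved address for every connection the client opens.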
## References
- Official Advisory: https://github.com/go-gitea/gitea/security/advisories/GHSA-2r5c-gw76-rh3w
- CVE-2026-22874