## https://sploitus.com/exploit?id=C2F491B0-E4A1-5E91-864E-AE16138D98DB
# CVE-2026-22874 — Gitea SSRF PoC

⚠️ **DISCLAIMER**: This PoC is ONLY for authorized testing on 
Gitea instances = 1.26.3

## Legal Use Cases
- Security research with explicit authorization
- Testing in lab/development environments
- Validation of mitigations

## Mitigations If You Can't Patch
1. Disable webhooks entirely
2. Implement network egress controls
3. Block ranges mentioned in advisory
4. Use allow-list for webhook destinations
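
One way to implement mitigation 4 together with an address check in the spirit of mitigation 3, as an added example that is not part of the original PoC or Gitea's own code. The allow-list entries, the `CheckWebhookTarget` helper, the sample address and the blocked address classes (loopback, private, link-local, multicast, unspecified) are assumptions, not the advisory's list.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed allow-list (assumption): replace with your real webhook receivers.
var allowedHosts = []string{"hooks.example.com", "*.ci.example.net"}

// hostAllowed matches an exact entry or a "*.suffix" wildcard entry.
func hostAllowed(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, p := range allowedHosts {
		if host == p || (strings.HasPrefix(p, "*.") && strings.HasSuffix(host, p[1:])) {
			return true
		}
	}
	return false
}

// CheckWebhookTarget (hypothetical helper) validates a webhook URL before delivery.
// resolved is what DNS returned for the host; deliver only to these checked addresses.
func CheckWebhookTarget(raw string, resolved []net.IP) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname() // the host that would be dialed; userinfo before "@" is ignored
	if net.ParseIP(host) != nil || !hostAllowed(host) {
		return fmt.Errorf("host %q not on allow-list", host)
	}
	if len(resolved) == 0 {
		return fmt.Errorf("host %q did not resolve", host)
	}
	for _, ip := range resolved {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsMulticast() || ip.IsUnspecified() {
			return fmt.Errorf("%q resolves to non-public address %s", host, ip)
		}
	}
	return nil
}

// 203.0.113.10 is a constructed documentation address standing in for a public receiver.
func main() { fmt.Println(CheckWebhookTarget("https://hooks.example.com/gitea", []net.IP{net.ParseIP("203.0.113.10")})) }
```

The check rejects a destination if any resolved address is non-public, so an allow-listed name that also resolves to an internal address is still refused.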

## References
- Official Advisory: https://github.com/go-gitea/gitea/security/advisories/GHSA-2r5c-gw76-rh3w
- CVE-2026-22874