CVE-2026-2725

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 89% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
High
Availability
None
Published: May 13, 2026 (58 days ago)
Last Modified: May 13, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Gerrit. An authenticated attacker with force push permissions on a secondary branch can exploit an incorrect authorization vulnerability within the "submitted together" feature. By crafting a submission that matches the "topic" tag of an unapproved change, the attacker can bypass code review. This allows them to forcefully submit code to restricted branches, potentially leading to unauthorized changes in the codebase.

CWE

CWE-639

Affected Products

Red Hat Build of Podman DesktopRed Hat Developer HubRed Hat Fuse 7Self-service automation portal 2

References