CVE-2026-2725 – Improper Authorization in Gerrit allowing Code Review Bypass via “Submitted Together”

CVE ID :CVE-2026-2725

Published : May 13, 2026, 5:32 a.m. | 1 hour, 25 minutes ago

Description :Incorrect authorization in the “submitted together” feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the “topic” tag of an unapproved change.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-41050 – Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

CVE-2026-25705 – Rancher Extensions have arbitrary file access via path traversal

CVE-2025-14767 – WPC Badge Management for WooCommerce

CVE-2026-3004 – Snow Monkey Blocks