CVE-2026-2725 – Improper Authorization in Gerrit allowing Code Review Bypass via “Submitted Together”

CVE ID :CVE-2026-2725

Published : May 13, 2026, 5:32 a.m. | 1 hour, 25 minutes ago

Description :Incorrect authorization in the “submitted together” feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the “topic” tag of an unapproved change.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-44612 – Bytello Share (Windows Edition) DLL Loading Vulnerability (Remote Code Execution)

CVE-2025-11159 – Hitachi Vantara Pentaho Data Integration & Analytics – Dependency on Vulnerable Third-Party Component

CVE-2026-6965 – Tutor LMS

CVE-2025-14033 – ilGhera Support System for WooCommerce