Soft Serve

5 CVEs product

CVE-2026-30832 Go CRITICAL POC PATCH Act Now

SSRF in Soft Serve Git server versions 0.6.0 to 0.11.3 allows authenticated attackers to make requests to internal services. PoC and patch available.

SSH Soft Serve Suse
NVD GitHub
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-24058 Go CRITICAL PATCH Act Now

Soft Serve self-hosted Git server versions 0.11.2 and below have a critical authentication bypass that allows unauthenticated access to private repositories.

SSH Authentication Bypass Soft Serve Suse
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.0%
CVE-2026-22253 Go MEDIUM POC PATCH This Month

Soft Serve versions prior to 0.11.2 contain an authorization bypass in the LFS lock deletion endpoint that allows authenticated users to forcibly delete locks owned by other users by exploiting improper validation order. Any user with repository write access can leverage this vulnerability to disrupt collaborative workflows by removing locks created by teammates. A public exploit exists and patches are available.

Authentication Bypass Soft Serve Suse
NVD GitHub
CVSS 3.1: 5.4 | EPSS: 0.0%
CVE-2025-64522 Go CRITICAL POC PATCH Act Now

Soft Serve is a self-hostable Git server for the command line. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.

SSRF Soft Serve
NVD GitHub
CVSS 3.1: 9.1 | EPSS: 0.1%
CVE-2025-22130 Go MEDIUM PATCH This Month

Soft Serve is a self-hostable Git server for the command line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. This path traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Soft Serve Suse
NVD GitHub
CVSS 4.0: 5.3 | EPSS: 0.4%