Forgejo Denial-of-Service Vulnerability via Multi-Gigabyte File Upload

Vulnerability

A denial-of-service vulnerability has been identified in Forgejo versions through 13.0.3. The issue arises in the attachment component, where users can upload excessively large files, potentially reaching several gigabytes in size. This capability can be exploited by associating such large attachments with issues or releases, leading to resource exhaustion.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, where the application becomes unresponsive or unavailable due to the excessive resource consumption from the large file uploads.
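
An added example, not from this advisory or the Forgejo project: an audit of an instance's attachment upload limits, the resource this issue exhausts. It assumes the instance's app.ini carries an `[attachment]` section with `ENABLED`, `MAX_SIZE` (in MB) and `MAX_FILES`; the 100 MB ceiling, the sample file and the function names are hypothetical.

```python
import configparser

# Constructed sample app.ini for illustration; not from a real instance.
SAMPLE_APP_INI = """\
APP_NAME = Example Forge
RUN_MODE = prod

[attachment]
ENABLED = true
; sizes are in MB (assumption, see lead-in)
MAX_SIZE = 4096
MAX_FILES = 10
"""

def _int_or_none(section, key):
    """Return the key as an int, or None when unset or not a number."""
    try:
        return int(section.get(key, "").strip())
    except ValueError:
        return None

def audit_attachment_limits(ini_text, size_cap_mb=100):
    """Return (findings, worst_case_mb) for the [attachment] section.

    size_cap_mb is the operator's own policy ceiling, a hypothetical value.
    worst_case_mb is MAX_SIZE * MAX_FILES, or None when either is unknown.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # app.ini has keys before the first section header, which configparser
    # rejects, so park them under an explicit [DEFAULT] header.
    parser.read_string("[DEFAULT]\n" + ini_text)
    if not parser.has_section("attachment"):
        return ["[attachment] missing: built-in defaults apply"], None
    sec = parser["attachment"]
    # Assumption: attachments are enabled unless ENABLED is set to false.
    if sec.get("ENABLED", "true").strip().lower() == "false":
        return [], 0
    findings = []
    max_size = _int_or_none(sec, "MAX_SIZE")
    max_files = _int_or_none(sec, "MAX_FILES")
    if max_size is None:
        findings.append("MAX_SIZE unset or invalid: built-in default applies")
    elif max_size > size_cap_mb:
        findings.append(f"MAX_SIZE={max_size} MB exceeds cap of {size_cap_mb} MB")
    if max_files is None:
        findings.append("MAX_FILES unset or invalid: built-in default applies")
    worst = None if None in (max_size, max_files) else max_size * max_files
    return findings, worst
```

An unset key is reported rather than guessed at, because the built-in default depends on the installed version.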

Added: Mar 16, 2026, 9:12 PM
Updated: Mar 16, 2026, 9:12 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 2.5
exploitability: 5.4
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.