Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T05:32:49 gerrit: Gerrit: Code review bypass via incorrect authorization 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CWE-639

A flaw was found in Gerrit. An authenticated attacker with force push permissions on a secondary branch can exploit an incorrect authorization vulnerability within the "submitted together" feature. By crafting a submission that matches the "topic" tag of an unapproved change, the attacker can bypass code review. This allows them to forcefully submit code to restricted branches, potentially leading to unauthorized changes in the codebase.

Red Hat Build of Podman Desktop Not affected rh-podman-desktop.git Red Hat Developer Hub Not affected rhdh/rhdh-hub-rhel9 Red Hat Fuse 7 Not affected gerrit-api Self-service automation portal 2 Not affected ansible-automation-platform/automation-portal https://www.cve.org/CVERecord?id=CVE-2026-2725 https://nvd.nist.gov/vuln/detail/CVE-2026-2725 https://issues.gerritcodereview.com/issues/486131256