Listen to this Post
The vulnerability stems from Gitea’s built-in SSH server, which, by default, advertises outdated cryptographic algorithms that have been deprecated or are considered weak by modern security standards. An attacker could exploit this by performing a `ssh-audit` scan against a default Gitea deployment. The audit typically flags the following as failing due to their weak or broken nature: ecdh-sha2-nistp256, ecdh-sha2-nistp384, and `ecdh-sha2-nistp521` for key exchange; `hmac-sha1` for message authentication; and `ssh-rsa` for host key. The exposure of these algorithms allows an attacker to potentially downgrade the security of an SSH session. This is because an attacker can negotiate the use of a weaker, compromised algorithm, making it feasible to perform a Man-in-the-Middle (MitM) attack or decrypt intercepted SSH traffic. The primary risk is data integrity, as the broken MAC algorithm (hmac-sha1) could be used to tamper with data. The root cause is a lack of default “hardening,” forcing administrators to manually configure secure algorithms, a step most users neglect.
Daily CVE Form
Platform: Go
Version: < 1.25.0
Vulnerability : Exposure of Insecure Algorithms
Severity: Moderate
date: 22 Apr 2026
Prediction: Include expected Patch date.
Gitea v1.25.0
What Undercode Say:
Clone the Gitea repository git clone https://github.com/go-gitea/gitea.git Run an SSH security audit against the default Gitea deployment docker run -it --rm positronsecurity/ssh-audit -p 2222 gitea.local
Exploit:
An attacker can exploit this issue without any authentication. They would identify a vulnerable Gitea instance by checking the SSH banner or performing a version scan. Then, they would conduct an SSH handshake, specifically negotiating the use of a deprecated algorithm like `hmac-sha1` or ecdh-sha2-nistp256. With the session using a weak algorithm, the attacker could launch a Man-in-the-Middle (MitM) attack to intercept, decrypt, or modify the data in transit.
Protection from this CVE:
- Upgrade Gitea: Update to Gitea version 1.25.0 or later, which includes the fix by default.
- Manually Harden Configuration: If immediate upgrading is not possible, add the following to the `[bash]` section of your
app.ini:
`SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, diffie-hellman-group14-sha256`
`SSH_SERVER_CIPHERS = [email protected], aes128-ctr`
`SSH_SERVER_MACS = [email protected], hmac-sha2-256`
(Note: This workaround will still leave the `ssh-rsa` host key algorithm exposed).
Impact:
- Confidentiality: An attacker could potentially decrypt and read sensitive data transmitted over the SSH session, such as source code, configuration files, or CI/CD secrets.
- Integrity: The attacker may be able to tamper with the data stream by using the vulnerable `hmac-sha1` algorithm to forge messages.
- System Compromise: A successful MitM attack could allow an attacker to impersonate a legitimate server, leading to credential theft or the injection of malicious commands during a Git operation.
This analysis is based on real data from the official GitHub Security Advisory database for this issue.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

