CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before retrieving user context, bypassing ownership validation entirely. This issue has been patched in version 0.11.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.8%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2026-22253

Charm » Soft Serve » Version: N/A

cpe:2.3:a:charm:soft_serve:-
Charm » Soft Serve » Version: 0.1.0

cpe:2.3:a:charm:soft_serve:0.1.0
Charm » Soft Serve » Version: 0.1.1

cpe:2.3:a:charm:soft_serve:0.1.1
Charm » Soft Serve » Version: 0.1.2

cpe:2.3:a:charm:soft_serve:0.1.2
Charm » Soft Serve » Version: 0.1.3

cpe:2.3:a:charm:soft_serve:0.1.3
Charm » Soft Serve » Version: 0.10.0

cpe:2.3:a:charm:soft_serve:0.10.0
Charm » Soft Serve » Version: 0.11.0

cpe:2.3:a:charm:soft_serve:0.11.0
Charm » Soft Serve » Version: 0.11.1

cpe:2.3:a:charm:soft_serve:0.11.1
Charm » Soft Serve » Version: 0.2.0

cpe:2.3:a:charm:soft_serve:0.2.0
Charm » Soft Serve » Version: 0.2.1

cpe:2.3:a:charm:soft_serve:0.2.1
Charm » Soft Serve » Version: 0.2.2

cpe:2.3:a:charm:soft_serve:0.2.2
Charm » Soft Serve » Version: 0.2.3

cpe:2.3:a:charm:soft_serve:0.2.3
Charm » Soft Serve » Version: 0.3.0

cpe:2.3:a:charm:soft_serve:0.3.0
Charm » Soft Serve » Version: 0.3.1

cpe:2.3:a:charm:soft_serve:0.3.1
Charm » Soft Serve » Version: 0.3.2

cpe:2.3:a:charm:soft_serve:0.3.2
Charm » Soft Serve » Version: 0.3.3

cpe:2.3:a:charm:soft_serve:0.3.3
Charm » Soft Serve » Version: 0.4.0

cpe:2.3:a:charm:soft_serve:0.4.0
Charm » Soft Serve » Version: 0.4.1

cpe:2.3:a:charm:soft_serve:0.4.1
Charm » Soft Serve » Version: 0.4.2

cpe:2.3:a:charm:soft_serve:0.4.2
Charm » Soft Serve » Version: 0.4.3

cpe:2.3:a:charm:soft_serve:0.4.3
Charm » Soft Serve » Version: 0.4.4

cpe:2.3:a:charm:soft_serve:0.4.4
Charm » Soft Serve » Version: 0.4.5

cpe:2.3:a:charm:soft_serve:0.4.5
Charm » Soft Serve » Version: 0.4.6

cpe:2.3:a:charm:soft_serve:0.4.6
Charm » Soft Serve » Version: 0.4.7

cpe:2.3:a:charm:soft_serve:0.4.7
Charm » Soft Serve » Version: 0.5.0

cpe:2.3:a:charm:soft_serve:0.5.0
Charm » Soft Serve » Version: 0.5.1

cpe:2.3:a:charm:soft_serve:0.5.1
Charm » Soft Serve » Version: 0.5.2

cpe:2.3:a:charm:soft_serve:0.5.2
Charm » Soft Serve » Version: 0.5.3

cpe:2.3:a:charm:soft_serve:0.5.3
Charm » Soft Serve » Version: 0.5.4

cpe:2.3:a:charm:soft_serve:0.5.4
Charm » Soft Serve » Version: 0.5.5

cpe:2.3:a:charm:soft_serve:0.5.5
Charm » Soft Serve » Version: 0.6.0

cpe:2.3:a:charm:soft_serve:0.6.0
Charm » Soft Serve » Version: 0.6.1

cpe:2.3:a:charm:soft_serve:0.6.1
Charm » Soft Serve » Version: 0.6.2

cpe:2.3:a:charm:soft_serve:0.6.2
Charm » Soft Serve » Version: 0.7.1

cpe:2.3:a:charm:soft_serve:0.7.1
Charm » Soft Serve » Version: 0.7.2

cpe:2.3:a:charm:soft_serve:0.7.2
Charm » Soft Serve » Version: 0.7.3

cpe:2.3:a:charm:soft_serve:0.7.3
Charm » Soft Serve » Version: 0.7.4

cpe:2.3:a:charm:soft_serve:0.7.4
Charm » Soft Serve » Version: 0.7.5

cpe:2.3:a:charm:soft_serve:0.7.5
Charm » Soft Serve » Version: 0.7.6

cpe:2.3:a:charm:soft_serve:0.7.6
Charm » Soft Serve » Version: 0.8.0

cpe:2.3:a:charm:soft_serve:0.8.0
Charm » Soft Serve » Version: 0.8.1

cpe:2.3:a:charm:soft_serve:0.8.1
Charm » Soft Serve » Version: 0.8.2

cpe:2.3:a:charm:soft_serve:0.8.2
Charm » Soft Serve » Version: 0.8.3

cpe:2.3:a:charm:soft_serve:0.8.3
Charm » Soft Serve » Version: 0.8.4

cpe:2.3:a:charm:soft_serve:0.8.4
Charm » Soft Serve » Version: 0.8.5

cpe:2.3:a:charm:soft_serve:0.8.5
Charm » Soft Serve » Version: 0.9.0

cpe:2.3:a:charm:soft_serve:0.9.0
Charm » Soft Serve » Version: 0.9.1

cpe:2.3:a:charm:soft_serve:0.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22253

Products

Pricing

Contact Us