CVE-2026-2725
Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
| CWE | CWE-863 |
| Vendor | gerrit |
| Product | gerrit |
| Published | May 13, 2026 |
| Last Updated | May 13, 2026 |
Affected Versions
Gerrit / Gerrit
2.12; 0