CVE-2026-22253

MEDIUM5.4EPSS 0.02%

Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

Published: 1/8/2026Modified: 3/3/2026

Description

Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

References (4)