Gerrit 2.12+ authorization bypass via "submitted together" allows force push to restricted branches
CVE-2026-2725 Published on May 13, 2026

Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

Source: NVD

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2026-2725 has been classified as an AuthZ (incorrect authorization) vulnerability.
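The description above and the weakness definition describe the same pattern: an authorization check is performed, but only for the branch the user pushed to, and the other changes pulled in by the shared topic are submitted without their own target branch's policy being applied. The following is an added, abstract model of that pattern and of the corrected check; it is not Gerrit source code, and the branch names, topic string, change ids and permission tables are constructed for illustration.

```python
"""Abstract model of the incorrect-authorization pattern described for
CVE-2026-2725 ("submitted together" sets grouped by topic).

Added example; this is not Gerrit source code. Branch names, the topic
string, change ids and the permission tables are constructed here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    change_id: str
    branch: str      # target branch of the change
    topic: str       # changes sharing a topic are submitted together
    approved: bool   # whether the change has passed code review


@dataclass(frozen=True)
class User:
    name: str
    force_push: frozenset   # branches where the user may push without review
    submit: frozenset       # branches where the user may submit approved changes


def submitted_together(changes, topic):
    """Return every change that shares a topic with the pushed change."""
    return [c for c in changes if c.topic == topic]


def authorized_for(user, change):
    """Per-branch rule: force push bypasses review on that branch; otherwise
    the change must be approved AND the user must hold submit rights there."""
    if change.branch in user.force_push:
        return True
    return change.approved and change.branch in user.submit


def submit_flawed(user, pushed, changes):
    """Flawed flow: authorize only the branch the user pushed to, then submit
    the whole topic set without re-checking the other changes' branches."""
    if not authorized_for(user, pushed):
        return []
    return [c.change_id for c in submitted_together(changes, pushed.topic)]


def submit_fixed(user, pushed, changes):
    """Corrected flow: the set is submitted only if every change in it passes
    the authorization rule for its OWN target branch; otherwise nothing is."""
    group = submitted_together(changes, pushed.topic)
    denied = [c.change_id for c in group if not authorized_for(user, c)]
    if denied:
        return []   # atomic rejection; no partial submission of the set
    return [c.change_id for c in group]


# Constructed scenario: the user holds force push on one feature branch only.
DEV = User("dev", force_push=frozenset({"feature/x"}), submit=frozenset())
CHANGES = [
    Change("I-aaa", "feature/x", "shared-topic", approved=False),  # pushed by dev
    Change("I-bbb", "master",    "shared-topic", approved=False),  # restricted, unreviewed
    Change("I-ccc", "master",    "other-topic",  approved=True),   # unrelated topic
]
PUSHED = CHANGES[0]


def demo():
    """Return what each flow would submit for the constructed scenario."""
    return submit_flawed(DEV, PUSHED, CHANGES), submit_fixed(DEV, PUSHED, CHANGES)


if __name__ == "__main__":
    flawed, fixed = demo()
    print("flawed flow submitted:", flawed)  # the unreviewed master change rides along
    print("fixed flow submitted:", fixed)    # whole set rejected
```

The point the model makes is that grouping changes for atomic submission does not change where the authorization decision must be made: each change has to satisfy the policy of the branch it lands on, and the check on the pushed branch says nothing about the others.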


Products Associated with CVE-2026-2725

Google Gerrit

Affected Versions

Gerrit versions 2.12 and later are affected by CVE-2026-2725.