CVE-2026-33353 Overview
CVE-2026-33353 is an authorization bypass vulnerability in Charm Soft Serve, a self-hostable Git server for the command line. The flaw exists in the repository import functionality from version 0.6.0 to before version 0.11.6. An authenticated SSH user can exploit this vulnerability to clone server-local Git repositories—including private repositories belonging to other users—into a new repository under their control.
Critical Impact
Any authenticated SSH user can access and clone private repositories belonging to other users, leading to unauthorized disclosure of potentially sensitive source code and intellectual property.
Affected Products
- Charm Soft Serve versions 0.6.0 to 0.11.5
- Self-hosted Git server deployments using vulnerable Soft Serve versions
- Go-based installations via the charm:soft_serve package
Discovery Timeline
- 2026-03-24 - CVE-2026-33353 published to NVD
- 2026-03-25 - Last updated in NVD database
Technical Details for CVE-2026-33353
Vulnerability Analysis
This authorization bypass vulnerability stems from insufficient validation in the repository import feature of Soft Serve. When a user attempts to import a repository, the application fails to properly verify whether the specified remote URL points to an external network resource or a local file path. This allows authenticated users to specify local paths to other repositories on the same server, effectively bypassing access controls and gaining unauthorized access to private repositories.
The vulnerability is network-accessible and requires low privileges (valid SSH authentication) but no user interaction, making it relatively easy to exploit for any authenticated user on the system.
Root Cause
The root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The repository import functionality lacked proper validation of the remote URL parameter, failing to distinguish between legitimate external network URLs and local file system paths. This allowed attackers to specify paths to other users' private repositories, which the server would then clone without performing proper authorization checks.
Attack Vector
The attack is conducted over the network by an authenticated SSH user. The attacker leverages the repository import functionality to specify a local path (such as another user's private repository) instead of a legitimate external Git remote URL. Since the server-side code did not validate that the remote was actually a network URL with a valid host, it would process the import request and clone the targeted local repository into a new repository controlled by the attacker.
// Security patch adding remote URL validation
// Source: https://github.com/charmbracelet/soft-serve/commit/c147421caf234bcfc1570c79d728ecbbe5813e55
import (
	"github.com/charmbracelet/soft-serve/pkg/lfs"
	"github.com/charmbracelet/soft-serve/pkg/proto"
)

// validateImportRemote rejects any import remote that does not parse to an
// endpoint with a host component, which a server-local path never has.
func validateImportRemote(remote string) error {
	endpoint, err := lfs.NewEndpoint(remote)
	if err != nil || endpoint.Host == "" {
		return proto.ErrInvalidRemote
	}
	return nil
}
The patch introduces a new validateImportRemote function that uses the LFS endpoint parser to verify the remote URL has a valid host component, rejecting local file paths.
// New error definition for invalid remotes
// Source: https://github.com/charmbracelet/soft-serve/commit/c147421caf234bcfc1570c79d728ecbbe5813e55
import "errors"

var (
	// ErrUnauthorized is returned when the user is not authorized to perform action.
	ErrUnauthorized = errors.New("unauthorized")
	// ErrInvalidRemote is returned when a repository import remote is invalid.
	ErrInvalidRemote = errors.New("remote must be a network URL")
	// ErrFileNotFound is returned when the file is not found.
	ErrFileNotFound = errors.New("file not found")
)
This adds a specific error type ErrInvalidRemote with a clear message indicating that remotes must be network URLs, preventing local path exploitation.
Detection Methods for CVE-2026-33353
Indicators of Compromise
- Unusual repository import operations referencing local file paths or relative paths
- New repositories appearing with content matching existing private repositories
- Audit logs showing repository imports with non-HTTP/HTTPS remote URLs
- Unexpected SSH session activity from users performing multiple import operations
Detection Strategies
- Monitor repository import operations for remotes lacking proper URL schemes (http://, https://, git://)
- Implement logging for all repository creation and import events with full remote URL capture
- Review access logs for patterns indicating enumeration of local repository paths
- Alert on repository imports where the remote does not contain a valid network host
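As an added example, not code from Soft Serve or from this advisory, the following Go program ties together the two technical points above: the rule the patch enforces in validateImportRemote (accept an import remote only when it names a network host), reimplemented here with net/url plus a regex for Git's "user@host:path" ssh shorthand instead of Soft Serve's lfs.NewEndpoint, and the detection strategy of alerting on imports whose remote has no such host, run over audit log lines. The key=value log format, the user names, repository names and paths are all constructed for the example; Soft Serve's real log layout is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// ErrInvalidRemote carries the same message as the error the patch added.
var ErrInvalidRemote = errors.New("remote must be a network URL")

// scpLike matches Git's ssh shorthand "user@host:path"; capture 1 is the host.
var scpLike = regexp.MustCompile(`^(?:[^@/:]+@)?([^:/]+):.+$`)

// remoteHost returns the host named by a Git remote, or "" when the remote is
// a filesystem path, a file:// URL, or anything else without a network host.
// Stand-in written for this example; it is not soft-serve's lfs.NewEndpoint.
func remoteHost(remote string) string {
	if u, err := url.Parse(remote); err == nil && u.Scheme != "" {
		switch u.Scheme {
		case "http", "https", "git", "ssh":
			return u.Hostname()
		default:
			return "" // file:// and unknown schemes are not network remotes
		}
	}
	if m := scpLike.FindStringSubmatch(remote); m != nil {
		return m[1]
	}
	return "" // absolute or relative filesystem path
}

// ValidateImportRemote applies the patched rule: the remote is accepted only
// when it resolves to a non-empty network host.
func ValidateImportRemote(remote string) error {
	if remoteHost(remote) == "" {
		return ErrInvalidRemote
	}
	return nil
}

// ImportEvent is one repository import recovered from an audit log line.
type ImportEvent struct {
	User, Repo, Remote string
}

// ParseImportEvent reads a space-separated "key=value" audit line (constructed
// format for this example) and reports whether it records a repository import.
func ParseImportEvent(line string) (ImportEvent, bool) {
	var ev ImportEvent
	isImport := false
	for _, field := range strings.Fields(line) {
		key, val, ok := strings.Cut(field, "=")
		if !ok {
			continue
		}
		switch key {
		case "action":
			isImport = val == "repo.import"
		case "user":
			ev.User = val
		case "name":
			ev.Repo = val
		case "remote":
			ev.Remote = val
		}
	}
	return ev, isImport
}

// FlagLocalImports returns every import whose remote the patched check would
// reject, i.e. the events a detection rule should alert on.
func FlagLocalImports(lines []string) []ImportEvent {
	var flagged []ImportEvent
	for _, line := range lines {
		ev, ok := ParseImportEvent(line)
		if ok && ValidateImportRemote(ev.Remote) != nil {
			flagged = append(flagged, ev)
		}
	}
	return flagged
}

// SampleAuditLog is constructed input; users, repositories and paths are invented.
var SampleAuditLog = []string{
	"2026-03-24T10:15:02Z user=alice action=repo.import name=mirror remote=https://github.com/charmbracelet/soft-serve.git",
	"2026-03-24T10:16:40Z user=bob action=repo.import name=copy remote=/var/lib/soft-serve/repos/alice/private.git",
	"2026-03-24T10:17:05Z user=carol action=repo.create name=notes",
	"2026-03-24T10:18:11Z user=bob action=repo.import name=copy2 remote=../alice/private.git",
	"2026-03-24T10:19:30Z user=dave action=repo.import name=fork remote=git@github.com:charmbracelet/soft-serve.git",
}

func main() {
	for _, ev := range FlagLocalImports(SampleAuditLog) {
		fmt.Printf("ALERT user=%s repo=%s remote=%q: %v\n", ev.User, ev.Repo, ev.Remote, ErrInvalidRemote)
	}
}
```

The check is purely syntactic, which is the same property the patch tests through endpoint.Host: it asks whether a host is present, not whether it is reachable or trustworthy. On the sample log it flags the two imports by bob and leaves the https and ssh-shorthand imports alone, so the same function can serve both as an import-time guard and as the predicate for the "remote lacks a valid network host" alert.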
Monitoring Recommendations
- Enable verbose logging for all Git operations on the Soft Serve instance
- Implement file integrity monitoring on repository directories to detect unauthorized cloning
- Set up alerts for anomalous repository creation patterns by individual users
- Regularly audit repository access and ownership to identify unauthorized data transfers
How to Mitigate CVE-2026-33353
Immediate Actions Required
- Upgrade Soft Serve to version 0.11.6 or later immediately
- Audit existing repositories for signs of unauthorized cloning or data exfiltration
- Review user accounts and SSH key access for any suspicious activity
- Temporarily disable repository import functionality if immediate upgrade is not possible
Patch Information
Charm has released version 0.11.6 of Soft Serve which addresses this vulnerability. The fix introduces proper validation of import remote URLs to ensure they are legitimate network URLs rather than local file paths. Organizations should upgrade to this version as soon as possible.
For detailed information, see the GitHub Security Advisory GHSA-xgxp-f695-6vrp and the release notes for v0.11.6.
The specific security fix can be reviewed in commit c147421.
Workarounds
- Restrict SSH access to trusted users only until the patch can be applied
- Disable or remove repository import functionality at the application or network level
- Implement network segmentation to limit which users can access the Soft Serve instance
- Deploy application-layer firewall rules to block repository import requests containing local paths
# Configuration example
# Upgrade Soft Serve to patched version
go install github.com/charmbracelet/soft-serve/cmd/soft@v0.11.6
# Verify the installed version
soft --version
# Expected output: soft version v0.11.6 or later
# Restart the Soft Serve service after upgrade
systemctl restart soft-serve
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.