GHSA-3m6q-h5gj-7mrw: Gitea has insecure default SSH settings

April 22, 2026

The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box.

References

github.com/advisories/GHSA-3m6q-h5gj-7mrw
github.com/go-gitea/gitea
github.com/go-gitea/gitea/security/advisories/GHSA-3m6q-h5gj-7mrw

Code Behaviors & Features

Detect and mitigate GHSA-3m6q-h5gj-7mrw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →