Description

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize() verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could still access repository endpoints (e.g., Composer metadata/download APIs). The fix in version 0.13.0 adds an explicit expiration check, and tests now test expired deploy tokens to ensure they are rejected.

INFO

Published Date :

2026-02-26T01:57:12.752Z

Last Modified :

2026-02-26T01:57:12.752Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27968 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27968.

URL Resource
https://github.com/packistry/packistry/commit/7740b48f0f4ecbe63099fb056c8a146180f8b283 cve-icon cve-icon
https://github.com/packistry/packistry/pull/276 cve-icon cve-icon
https://github.com/packistry/packistry/security/advisories/GHSA-4r9m-jp53-vgmw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact