A vulnerability was found in QGIS. It has been classified as critical. Affected is the function pull_request_target. The manipulation leads to incorrect authorization.

This vulnerability is referenced as CVE-2026-24480. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to apply a patch to fix this issue.