CVE-2026-58426 (GCVE-0-2026-58426)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Summary
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
Severity ?
9.6 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 1.22.0 , ≤ 1.26.1 (semver) |
Credits
kamil-sawicki
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "1.22.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kamil-sawicki"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:53.283Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-hg5r-vq93-9fv6"
},
{
"name": "GitHub Pull Request #37707",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37707"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58426",
"datePublished": "2026-07-03T20:54:53.283Z",
"dateReserved": "2026-06-30T18:57:20.615Z",
"dateUpdated": "2026-07-03T20:54:53.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58424 (GCVE-0-2026-58424)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
Permanent Fork PR Workflow Approval Gate Bypass
Summary
Permanent Fork PR Workflow Approval Gate Bypass
Severity ?
8.9 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.2 (semver) |
Credits
prakhar0x01
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "prakhar0x01"
}
],
"descriptions": [
{
"lang": "en",
"value": "Permanent Fork PR Workflow Approval Gate Bypass"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:52.923Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-777r-4v59-6486"
},
{
"name": "GitHub Pull Request #38010",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38010"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Permanent Fork PR Workflow Approval Gate Bypass",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58424",
"datePublished": "2026-07-03T20:54:52.923Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-03T20:54:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58423 (GCVE-0-2026-58423)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
Summary
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 1.23.0 , ≤ 1.26.2 (semver) |
Credits
Tomer-PL
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tomer-PL"
}
],
"descriptions": [
{
"lang": "en",
"value": "LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:52.580Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-7wvc-rvp7-w99x"
},
{
"name": "GitHub Pull Request #38008",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38008"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58423",
"datePublished": "2026-07-03T20:54:52.580Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-03T20:54:52.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58422 (GCVE-0-2026-58422)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
Summary
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:52.236Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-g9g6-qhrc-p3qc"
},
{
"name": "GitHub Pull Request #38009",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38009"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58422",
"datePublished": "2026-07-03T20:54:52.236Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-03T20:54:52.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58421 (GCVE-0-2026-58421)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Summary
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.26.2 (semver) |
Credits
AdamKorcz
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AdamKorcz"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:51.884Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-v96j-25gv-g2w9"
},
{
"name": "GitHub Pull Request #38011",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38011"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58421",
"datePublished": "2026-07-03T20:54:51.884Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-03T20:54:51.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58419 (GCVE-0-2026-58419)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
Notification API leaks private issue metadata after access revocation
Summary
Notification API leaks private issue metadata after access revocation
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 1.26.2 (semver) |
Credits
ybsun0215
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"status": "affected",
"version": "1.26.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ybsun0215"
}
],
"descriptions": [
{
"lang": "en",
"value": "Notification API leaks private issue metadata after access revocation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:51.523Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-44qc-pgvp-wx7v"
},
{
"name": "GitHub Pull Request #38108",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38108"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Notification API leaks private issue metadata after access revocation",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58419",
"datePublished": "2026-07-03T20:54:51.523Z",
"dateReserved": "2026-06-30T18:57:20.613Z",
"dateUpdated": "2026-07-03T20:54:51.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58418 (GCVE-0-2026-58418)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-03 20:54
Title
SSRF via HTTP Redirect in Repository Migration
Summary
SSRF via HTTP Redirect in Repository Migration
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.25.4 (semver) |
Credits
moltenbit
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.25.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "moltenbit"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF via HTTP Redirect in Repository Migration"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:51.149Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-rqhx-647v-wx32"
},
{
"name": "GitHub Pull Request #38108",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38108"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "SSRF via HTTP Redirect in Repository Migration",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58418",
"datePublished": "2026-07-03T20:54:51.149Z",
"dateReserved": "2026-06-30T18:57:20.613Z",
"dateUpdated": "2026-07-03T20:54:51.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28744 (GCVE-0-2026-28744)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Summary
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
Severity ?
8.1 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
ohxorud-dev
lunny
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ohxorud-dev"
},
{
"lang": "en",
"type": "remediation developer",
"value": "lunny"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:40.031Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-cc8w-r4qh-3v65"
},
{
"name": "GitHub Pull Request #37583",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37583"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea Git smart HTTP bypasses repository token scopes for bearer tokens",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28744",
"datePublished": "2026-07-03T20:19:40.031Z",
"dateReserved": "2026-03-03T03:25:50.255Z",
"dateUpdated": "2026-07-03T20:19:40.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28740 (GCVE-0-2026-28740)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea LFS object reuse bypasses Code-unit authorization
Summary
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.2 (semver) |
Credits
m2hcz
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m2hcz"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:39.687Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-2m9v-5q2g-58vq"
},
{
"name": "GitHub Pull Request #38050",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38050"
},
{
"name": "Gitea v1.26.3 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.3"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Gitea LFS object reuse bypasses Code-unit authorization",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28740",
"datePublished": "2026-07-03T20:19:39.687Z",
"dateReserved": "2026-03-03T03:25:59.982Z",
"dateUpdated": "2026-07-03T20:19:39.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28737 (GCVE-0-2026-28737)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea 3D file viewer allows stored XSS through glTF extensionsRequired
Summary
Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 1.25.0 , < 1.26.0 (semver) |
Credits
yonatan-pl
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yonatan-pl"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:39.358Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-9cpj-qc93-vw8v"
},
{
"name": "GitHub Pull Request #37233",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37233"
},
{
"name": "Gitea v1.26.0 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.0"
},
{
"name": "Gitea v1.26.0 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.0/"
}
],
"title": "Gitea 3D file viewer allows stored XSS through glTF extensionsRequired",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28737",
"datePublished": "2026-07-03T20:19:39.358Z",
"dateReserved": "2026-03-03T03:25:50.217Z",
"dateUpdated": "2026-07-03T20:19:39.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28705 (GCVE-0-2026-28705)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea repository dumps write release assets using unsafe path names
Summary
Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
Severity ?
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
Robert Flosbach from Neodyme AG
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Robert Flosbach from Neodyme AG"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:39.011Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36799",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36799"
},
{
"name": "GitHub Pull Request #36839",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36839"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea repository dumps write release assets using unsafe path names",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28705",
"datePublished": "2026-07-03T20:19:39.011Z",
"dateReserved": "2026-03-03T03:25:28.526Z",
"dateUpdated": "2026-07-03T20:19:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28699 (GCVE-0-2026-28699)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea Basic Auth bypasses OAuth2 access token scopes
Summary
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
Severity ?
8.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
Alardiians
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alardiians"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:38.663Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-9r5x-wg6m-x2rc"
},
{
"name": "GitHub Pull Request #37503",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37503"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea Basic Auth bypasses OAuth2 access token scopes",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-28699",
"datePublished": "2026-07-03T20:19:38.663Z",
"dateReserved": "2026-03-03T03:25:50.232Z",
"dateUpdated": "2026-07-03T20:19:38.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27783 (GCVE-0-2026-27783)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea issue-template APIs bypass repository unit authorization
Summary
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.
Severity
4.3 (Medium)
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
hoangperry
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hoangperry"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:38.321Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-3fwp-p5rj-2pxf"
},
{
"name": "GitHub Pull Request #37769",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37769"
},
{
"name": "GitHub Pull Request #37781",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37781"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea issue-template APIs bypass repository unit authorization",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27783",
"datePublished": "2026-07-03T20:19:38.321Z",
"dateReserved": "2026-03-03T03:25:50.353Z",
"dateUpdated": "2026-07-03T20:19:38.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27780 (GCVE-0-2026-27780)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea pre-receive hook can miss branch-protection checks after scanner errors
Summary
Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.26.0 (semver) |
Credits
yonatan-pl
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yonatan-pl"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:37.968Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36963",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36963"
},
{
"name": "Gitea v1.26.0 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.0"
},
{
"name": "Gitea v1.26.0 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.0/"
}
],
"title": "Gitea pre-receive hook can miss branch-protection checks after scanner errors",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27780",
"datePublished": "2026-07-03T20:19:37.968Z",
"dateReserved": "2026-03-03T03:25:28.724Z",
"dateUpdated": "2026-07-03T20:19:37.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27779 (GCVE-0-2026-27779)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea forwarded-proto handling allows public URL spoofing
Summary
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.
Severity
No CVSS data available.
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
fed01k
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fed01k"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:37.622Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36810",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36810"
},
{
"name": "GitHub Pull Request #36836",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36836"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea forwarded-proto handling allows public URL spoofing",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27779",
"datePublished": "2026-07-03T20:19:37.622Z",
"dateReserved": "2026-03-03T03:25:28.660Z",
"dateUpdated": "2026-07-03T20:19:37.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27775 (GCVE-0-2026-27775)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea pre-receive hook permission cache allows full repository write access
Summary
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.
Severity
No CVSS data available.
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 1.25.5 (semver) |
Credits
adrian-doyensec
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"status": "affected",
"version": "1.25.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "adrian-doyensec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:37.275Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-649p-mmhf-85c7"
},
{
"name": "GitHub Pull Request #38151",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38151"
},
{
"name": "Gitea v1.26.3 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.3"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Gitea pre-receive hook permission cache allows full repository write access",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27775",
"datePublished": "2026-07-03T20:19:37.275Z",
"dateReserved": "2026-03-03T03:25:59.996Z",
"dateUpdated": "2026-07-03T20:19:37.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27771 (GCVE-0-2026-27771)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea Composer package source links use insufficient permission checks
Summary
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
Severity
8.2 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
DevNoScope
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "DevNoScope"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:36.924Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-8qw8-rq86-9pc2"
},
{
"name": "GitHub Pull Request #37610",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37610"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea Composer package source links use insufficient permission checks",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27771",
"datePublished": "2026-07-03T20:19:36.924Z",
"dateReserved": "2026-03-03T03:25:50.291Z",
"dateUpdated": "2026-07-03T20:19:36.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27761 (GCVE-0-2026-27761)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea repository feeds bypass API token scope enforcement
Summary
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope.
Severity
4.3 (Medium)
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.2 (semver) |
Credits
babakizo420
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "babakizo420"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:36.576Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-3pww-vcvm-3gmj"
},
{
"name": "GitHub Pull Request #38147",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38147"
},
{
"name": "Gitea v1.26.3 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.3"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "Gitea repository feeds bypass API token scope enforcement",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27761",
"datePublished": "2026-07-03T20:19:36.576Z",
"dateReserved": "2026-03-03T03:26:00.375Z",
"dateUpdated": "2026-07-03T20:19:36.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27660 (GCVE-0-2026-27660)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea draft releases use insufficient permission checks
Summary
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.
Severity
No CVSS data available.
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
anticomputer
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "anticomputer"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:36.226Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36659",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36659"
},
{
"name": "GitHub Pull Request #36715",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36715"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea draft releases use insufficient permission checks",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27660",
"datePublished": "2026-07-03T20:19:36.226Z",
"dateReserved": "2026-02-22T15:13:33.679Z",
"dateUpdated": "2026-07-03T20:19:36.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27657 (GCVE-0-2026-27657)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea email settings allow changing another user's primary email address
Summary
Gitea versions before 1.25.5 allow a user to change another user's primary email address.
Severity
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
CsEnox
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CsEnox"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 allow a user to change another user\u0027s primary email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:35.873Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36586",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36586"
},
{
"name": "GitHub Pull Request #36607",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36607"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea email settings allow changing another user\u0027s primary email address",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-27657",
"datePublished": "2026-07-03T20:19:35.873Z",
"dateReserved": "2026-02-22T15:13:33.716Z",
"dateUpdated": "2026-07-03T20:19:35.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26307 (GCVE-0-2026-26307)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea git grep search lacks a timeout
Summary
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
uug4na
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "uug4na"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:35.520Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36809",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36809"
},
{
"name": "GitHub Pull Request #36835",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36835"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea git grep search lacks a timeout",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-26307",
"datePublished": "2026-07-03T20:19:35.520Z",
"dateReserved": "2026-03-03T03:25:28.646Z",
"dateUpdated": "2026-07-03T20:19:35.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26292 (GCVE-0-2026-26292)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions
Summary
Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests.
Severity
No CVSS data available.
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
allsmog
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "allsmog"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:35.166Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36665",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36665"
},
{
"name": "GitHub Pull Request #36691",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36691"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-26292",
"datePublished": "2026-07-03T20:19:35.166Z",
"dateReserved": "2026-02-22T15:13:33.694Z",
"dateUpdated": "2026-07-03T20:19:35.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26247 (GCVE-0-2026-26247)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange
Summary
Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.
Severity
No CVSS data available.
CWE
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
Aisle Research
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Aisle Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:34.820Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36462",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36462"
},
{
"name": "GitHub Pull Request #36477",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36477"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-26247",
"datePublished": "2026-07-03T20:19:34.820Z",
"dateReserved": "2026-03-03T03:25:28.654Z",
"dateUpdated": "2026-07-03T20:19:34.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26232 (GCVE-0-2026-26232)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea OAuth2 authorization codes lack expiry and reuse enforcement
Summary
Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.
Severity
No CVSS data available.
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References: see the `references` array in the record below.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
sammiee5311
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sammiee5311"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:34.473Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36797",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36797"
},
{
"name": "GitHub Pull Request #36851",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36851"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea OAuth2 authorization codes lack expiry and reuse enforcement",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-26232",
"datePublished": "2026-07-03T20:19:34.473Z",
"dateReserved": "2026-03-03T03:25:28.619Z",
"dateUpdated": "2026-07-03T20:19:34.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26231 (GCVE-0-2026-26231)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
Summary
Gitea versions up to and including 1.26.1 allow the 'Allow edits from maintainers' permission path to authorize commits to repositories that the user can read but should not be able to write.
Severity
8.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
ddd
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ddd"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 allow the \"Allow edits from maintainers\" permission path to authorize commits to repositories that the user can read but should not be able to write."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:34.133Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-mm7c-rhg6-qr4r"
},
{
"name": "GitHub Pull Request #37479",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37479"
},
{
"name": "GitHub Pull Request #37484",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37484"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea maintainer-edit permissions allow unauthorized commits to readable repositories",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-26231",
"datePublished": "2026-07-03T20:19:34.133Z",
"dateReserved": "2026-03-03T03:25:59.965Z",
"dateUpdated": "2026-07-03T20:19:34.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25782 (GCVE-0-2026-25782)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea tracked-time deletion can target entries from another issue
Summary
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.
Severity
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
CsEnox
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CsEnox"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:33.790Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36664",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36664"
},
{
"name": "GitHub Pull Request #36689",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36689"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea tracked-time deletion can target entries from another issue",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-25782",
"datePublished": "2026-07-03T20:19:33.790Z",
"dateReserved": "2026-02-22T15:13:33.711Z",
"dateUpdated": "2026-07-03T20:19:33.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25779 (GCVE-0-2026-25779)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea redirect handling permits open redirects through backslash paths
Summary
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.25.4 (semver) |
Credits
quirmz
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.25.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "quirmz"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:33.452Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-j5r2-4c8j-xc3m"
},
{
"name": "GitHub Pull Request #36660",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36660"
},
{
"name": "GitHub Pull Request #36716",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36716"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea redirect handling permits open redirects through backslash paths",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-25779",
"datePublished": "2026-07-03T20:19:33.452Z",
"dateReserved": "2026-02-22T15:13:33.665Z",
"dateUpdated": "2026-07-03T20:19:33.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25718 (GCVE-0-2026-25718)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea template repository generation mishandles symlinked paths
Summary
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
Severity
No CVSS data available.
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
yonatan-pl
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yonatan-pl"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:33.104Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36734",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36734"
},
{
"name": "GitHub Pull Request #36746",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36746"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea template repository generation mishandles symlinked paths",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-25718",
"datePublished": "2026-07-03T20:19:33.104Z",
"dateReserved": "2026-02-22T15:13:33.721Z",
"dateUpdated": "2026-07-03T20:19:33.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25714 (GCVE-0-2026-25714)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea user organization API bypasses public-only token filtering
Summary
Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941.
Severity
4.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , ≤ 1.26.1 (semver) |
Credits
Medoedus
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Medoedus"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:32.756Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-8629-vc8r-5p58"
},
{
"name": "GitHub Pull Request #37118",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/37118"
},
{
"name": "Gitea v1.26.2 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.2"
},
{
"name": "Gitea v1.26.2 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.2/"
}
],
"title": "Gitea user organization API bypasses public-only token filtering",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-25714",
"datePublished": "2026-07-03T20:19:32.756Z",
"dateReserved": "2026-03-03T03:25:50.209Z",
"dateUpdated": "2026-07-03T20:19:32.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25712 (GCVE-0-2026-25712)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:19 – Updated: 2026-07-03 20:19
Title
Gitea organization permission APIs expose private visibility information
Summary
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Gitea | Gitea Open Source Git Server | Affected: 0 , < 1.25.5 (semver) |
Credits
Maximilian Luff, Daniel Zahl, Marcus Gelderie
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThan": "1.25.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Maximilian Luff, Daniel Zahl, Marcus Gelderie"
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:19:32.421Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Pull Request #36798",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36798"
},
{
"name": "GitHub Pull Request #36841",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/36841"
},
{
"name": "Gitea v1.25.5 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.5"
},
{
"name": "Gitea v1.25.5 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.25.5/"
}
],
"title": "Gitea organization permission APIs expose private visibility information",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-25712",
"datePublished": "2026-07-03T20:19:32.421Z",
"dateReserved": "2026-03-03T03:25:28.672Z",
"dateUpdated": "2026-07-03T20:19:32.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}