Inadequate Attachment Deletion Verification in Gitea by Gitea
CVE-2026-20736
7.5 HIGH
What is CVE-2026-20736?
Gitea has a security vulnerability that allows users to delete attachments from repositories without proper authorization. This issue arises when a user who has previously uploaded an attachment to a repository is able to delete it even after losing access, by making the deletion request through a different repository that they still have access to. This flaw can lead to unauthorized data manipulation and poses a risk to the integrity of repository content. It is critical for users to ensure that they are using the latest version of Gitea to mitigate this issue.
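The missing check described above, shown as an added example in Go (a simplified model written for this page, not Gitea's own code): an authorization decision made against the repository named in the request must also confirm that the attachment belongs to that repository. The type names, function names, and IDs are hypothetical and the access data is constructed.

```go
package main

import "fmt"

// Attachment is a hypothetical model (not Gitea's type): each attachment
// belongs to exactly one repository and records who uploaded it.
type Attachment struct {
	ID         int64
	RepoID     int64
	UploaderID int64
}

// Access maps userID -> repoID -> current write access (constructed data).
type Access map[int64]map[int64]bool

// canDeleteUnscoped models the flawed pattern: it authorizes the user against
// the repository named in the request and checks the uploader, but never ties
// the attachment to that repository.
func canDeleteUnscoped(acl Access, userID, requestRepoID int64, a Attachment) bool {
	return acl[userID][requestRepoID] && a.UploaderID == userID
}

// canDeleteScoped adds the missing verification: the attachment must belong
// to the repository the request was authorized against.
func canDeleteScoped(acl Access, userID, requestRepoID int64, a Attachment) bool {
	if a.RepoID != requestRepoID {
		return false // attachment lives in a different repository
	}
	return acl[userID][requestRepoID] && a.UploaderID == userID
}

// scenario returns the (unscoped, scoped) decisions for the case in the
// advisory: access to the attachment's repository was revoked, and the
// request is routed through a repository the user can still write to.
func scenario() (bool, bool) {
	const user, repoLost, repoKept = 7, 100, 200
	acl := Access{user: {repoKept: true}} // no entry for repoLost: access revoked
	att := Attachment{ID: 1, RepoID: repoLost, UploaderID: user}
	return canDeleteUnscoped(acl, user, repoKept, att),
		canDeleteScoped(acl, user, repoKept, att)
}

func main() {
	unscoped, scoped := scenario()
	fmt.Printf("unscoped check allows: %v, scoped check allows: %v\n", unscoped, scoped)
}
```
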
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.25.3
