Project Ownership Validation Flaw in Gitea by Gitea
CVE-2026-20750
9.1 CRITICAL
What is CVE-2026-20750?
A vulnerability in Gitea allows users with write access to projects within one organization to unintentionally modify projects belonging to another organization. The issue arises from insufficient validation of project ownership during organization project operations, and it creates a significant risk of unauthorized actions against critical projects. Organizations using Gitea should apply the latest security updates to mitigate this risk.
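The missing check described above, shown as an added illustration of the bug class and its fix; this is not Gitea's code or its patch. The `Project` type, the in-memory store and both lookup functions are hypothetical names, and the model assumes write access is authorized against one organization while the project is identified by a separate ID.

```go
package main

import (
	"errors"
	"fmt"
)

// Project is a simplified, hypothetical model; it is not Gitea's schema.
type Project struct {
	ID      int64
	OwnerID int64 // organization that owns the project
	Title   string
}

var ErrNotFound = errors.New("project not found")

// Constructed sample data: org 1 owns project 10, org 2 owns project 20.
func sampleStore() map[int64]*Project {
	return map[int64]*Project{
		10: {ID: 10, OwnerID: 1, Title: "org1 roadmap"},
		20: {ID: 20, OwnerID: 2, Title: "org2 roadmap"},
	}
}

// getProjectUnscoped models the flawed pattern: the project is loaded by ID
// alone, so the organization the caller was authorized for is never compared.
func getProjectUnscoped(store map[int64]*Project, projectID int64) (*Project, error) {
	p, ok := store[projectID]
	if !ok {
		return nil, ErrNotFound
	}
	return p, nil
}

// getProjectForOrg binds the lookup to the authorized organization. A mismatch
// returns the same error as a missing ID, so existence is not disclosed.
func getProjectForOrg(store map[int64]*Project, orgID, projectID int64) (*Project, error) {
	p, ok := store[projectID]
	if !ok || p.OwnerID != orgID {
		return nil, ErrNotFound
	}
	return p, nil
}

func main() {
	store := sampleStore()
	// Caller is authorized for org 1; the request names project 20 (org 2).
	_, errUnscoped := getProjectUnscoped(store, 20)
	_, errScoped := getProjectForOrg(store, 1, 20)
	fmt.Printf("unscoped err=%v, scoped err=%v\n", errUnscoped, errScoped)
}
```

In a database-backed service the same binding is usually expressed by including the owner ID in the query's filter, so a mismatched project is never loaded at all.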
Affected Version(s)
Gitea Open Source Git Server: versions 0 through 1.25.3 (inclusive)
