Repository Ownership Validation Flaw in Gitea by Gitea
CVE-2026-20897
9.1 CRITICAL
What is CVE-2026-20897?
Gitea is affected by a vulnerability where insufficient validation of repository ownership allows a user with write access to one repository to delete Git LFS locks from other repositories. This flaw can lead to unauthorized actions and potential data integrity issues, impacting collaborative environments and workflows.
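The class of check this description refers to, as an added illustration in Go (not Gitea's code and not its actual patch): a lock lookup by ID alone next to one that also requires the lock to belong to the repository the caller was authorized for. The `Lock`, `Store` and function names, the in-memory store and the sample IDs are hypothetical, and the model assumes write access is checked against one repository ID while the lock is named separately by its own ID.

```go
package main

import (
	"errors"
	"fmt"
)

// Lock is a simplified LFS lock record (hypothetical model, not Gitea's schema).
type Lock struct{ ID, RepoID int64 }

var ErrLockNotFound = errors.New("lock not found")

// Store is an in-memory stand-in for the lock table.
type Store struct{ locks map[int64]Lock }

// DeleteLockUnscoped finds the lock by ID alone. authorizedRepoID is the
// repository the caller's write access was checked against; it is never compared.
func (s *Store) DeleteLockUnscoped(authorizedRepoID, lockID int64) error {
	if _, ok := s.locks[lockID]; !ok {
		return ErrLockNotFound
	}
	delete(s.locks, lockID)
	return nil
}

// DeleteLockScoped also requires the lock to belong to the authorized repository.
// A mismatch returns "not found" so foreign lock IDs are not confirmed.
func (s *Store) DeleteLockScoped(authorizedRepoID, lockID int64) error {
	if l, ok := s.locks[lockID]; !ok || l.RepoID != authorizedRepoID {
		return ErrLockNotFound
	}
	delete(s.locks, lockID)
	return nil
}

// NewSampleStore returns constructed data: lock 1 in repo 10, lock 2 in repo 20.
func NewSampleStore() *Store {
	return &Store{locks: map[int64]Lock{1: {1, 10}, 2: {2, 20}}}
}

func main() {
	s := NewSampleStore()
	// The caller has write access to repo 10 only and names lock 2 (repo 20).
	fmt.Println("scoped:  ", s.DeleteLockScoped(10, 2))
	fmt.Println("unscoped:", s.DeleteLockUnscoped(10, 2))
}
```

The same scoping can be pushed into the storage query itself (match on both lock ID and repository ID) so that no code path can load a lock without its repository.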
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.25.3
