Repository Ownership Validation Issue in Gitea by Gitea
CVE-2026-20912
9.1 CRITICAL
What is CVE-2026-20912?
Gitea has a vulnerability that stems from inadequate validation of repository ownership when linking attachments to software releases. This makes it possible for an attachment uploaded to a private repository to be improperly connected to a release in a public repository, which may expose sensitive information to unauthorized users. The flaw shows why robust ownership validation is needed to prevent data exposure in collaborative environments.
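The missing check described above, shown as an added example that is not Gitea's code: a simplified link operation without ownership validation beside a form that compares each attachment's repository to the release's repository before changing anything. The types, function names and sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified models (not Gitea's types).
type Attachment struct {
	RepoID    int64 // repository the file was uploaded to
	ReleaseID int64 // 0 until linked to a release
}

type Release struct{ ID, RepoID int64 }

var ErrForeignAttachment = errors.New("attachment belongs to a different repository")

// LinkUnchecked models the flawed pattern: any known UUID is accepted.
func LinkUnchecked(store map[string]*Attachment, rel Release, uuids []string) {
	for _, u := range uuids {
		if a, ok := store[u]; ok {
			a.ReleaseID = rel.ID
		}
	}
}

// LinkChecked validates every UUID before modifying anything, so a
// rejected request leaves no partial links behind.
func LinkChecked(store map[string]*Attachment, rel Release, uuids []string) error {
	for _, u := range uuids {
		a, ok := store[u]
		if !ok {
			return fmt.Errorf("attachment %q not found", u)
		}
		if a.RepoID != rel.RepoID {
			return fmt.Errorf("%w: %q", ErrForeignAttachment, u)
		}
	}
	LinkUnchecked(store, rel, uuids)
	return nil
}

// SampleStore returns constructed data: repo 1 is private, repo 2 is public.
func SampleStore() map[string]*Attachment {
	return map[string]*Attachment{"priv-asset": {RepoID: 1}, "pub-asset": {RepoID: 2}}
}

func main() {
	fmt.Println(LinkChecked(SampleStore(), Release{ID: 7, RepoID: 2}, []string{"pub-asset", "priv-asset"}))
}
```

The same comparison belongs wherever a client-supplied attachment identifier is resolved, and it should be enforced server-side rather than inferred from what the upload form offered.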
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.25.3
