Repository Forking Vulnerability in Gitea by Gitea Company
CVE-2026-22555
8.1 HIGH
What is CVE-2026-22555?
Versions of Gitea prior to 1.26.0 contain a flaw that allows API users to fork repositories into an organization without the necessary CanCreateOrgRepo check being completed. This oversight can inadvertently expose sensitive organization secrets. Users are advised to upgrade to version 1.26.0 or later to mitigate this issue and secure their repositories against unauthorized access.
Affected Version(s)
Gitea Open Source Git Server: versions from 0 up to, but not including, 1.26.0
