Unauthorized Commit Authorization in Gitea by Gitea
CVE-2026-26231

8.5 HIGH

Key Information:

Vendor: Gitea

CVE Published: 3 July 2026

What is CVE-2026-26231?

Certain versions of Gitea, specifically up to and including 1.26.1, mishandle permissions, allowing maintainers to grant unauthorized commit access to repositories. This flaw can enable users to make commits in repositories they are only permitted to read, potentially compromising the integrity of the code. Proper access controls are crucial for maintaining repository security and preventing unauthorized modifications.

Affected Version(s)

Gitea Open Source Git Server 0 <= 1.26.1

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ddd