OAuth2 Authorization Flaws in Gitea Affecting Multiple Versions
CVE-2026-26232
Severity: currently unrated
What is CVE-2026-26232?
Gitea versions prior to 1.25.5 do not consistently enforce the expiry and single-use constraints on OAuth2 authorization codes when a code is exchanged for a token. An authorization code is meant to be short-lived and redeemable exactly once; where either constraint is not enforced, a code that has already been redeemed, or that should have expired, could potentially be exchanged again and yield tokens that were supposed to be time-limited and single-use. The issue is fixed in Gitea 1.25.5, and users are encouraged to upgrade to 1.25.5 or later.
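As an added illustration, not code from Gitea and not a description of the specific defect in the Gitea codebase, the Go sketch below shows the two constraints the advisory refers to enforced the way a token endpoint should enforce them: expiry fixed at issue time and checked at exchange, and consumption of the code inside the same critical section as the validation, so that a replayed or racing exchange cannot pass the "not yet used" check. The code also binds the code to the client and redirect_uri it was issued for. The `CodeStore` type, its methods and the error values are assumptions invented for this example.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Failure reasons for a code exchange (hypothetical names). A real token
// endpoint should map all of them to the OAuth2 "invalid_grant" error so the
// client cannot tell which check failed; distinct values here aid tests/logs.
var (
	ErrUnknownCode      = errors.New("unknown authorization code")
	ErrExpiredCode      = errors.New("authorization code has expired")
	ErrCodeReused       = errors.New("authorization code has already been used")
	ErrClientMismatch   = errors.New("code was not issued to this client")
	ErrRedirectMismatch = errors.New("redirect_uri does not match the authorization request")
)

// authCode is the server-side record behind one issued code (assumed layout).
type authCode struct {
	clientID    string
	redirectURI string
	userID      int64
	expiresAt   time.Time
	used        bool
}

// CodeStore issues authorization codes and consumes them on exchange.
type CodeStore struct {
	mu    sync.Mutex
	codes map[string]*authCode
	ttl   time.Duration
	now   func() time.Time // injectable clock so expiry is testable
}

func NewCodeStore(ttl time.Duration) *CodeStore {
	return NewCodeStoreWithClock(ttl, time.Now)
}

func NewCodeStoreWithClock(ttl time.Duration, clock func() time.Time) *CodeStore {
	return &CodeStore{codes: make(map[string]*authCode), ttl: ttl, now: clock}
}

// Issue mints a fresh random code bound to the client, redirect URI and user.
// The expiry is fixed at issue time, not recomputed at exchange time.
func (s *CodeStore) Issue(clientID, redirectURI string, userID int64) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	code := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[code] = &authCode{clientID: clientID, redirectURI: redirectURI,
		userID: userID, expiresAt: s.now().Add(s.ttl)}
	return code, nil
}

// Exchange validates and consumes a code in one critical section, so two
// concurrent exchanges of the same code cannot both pass the "unused" check.
// It returns the user the code was issued for.
func (s *CodeStore) Exchange(code, clientID, redirectURI string) (int64, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	ac, ok := s.codes[code]
	if !ok {
		return 0, ErrUnknownCode
	}
	if ac.used {
		// RFC 6749 section 4.1.2: on reuse the server should deny the request and
		// revoke tokens previously issued from the code. The record is kept
		// (not deleted) on success precisely so that reuse is recognisable.
		return 0, ErrCodeReused
	}
	if !s.now().Before(ac.expiresAt) {
		delete(s.codes, code) // an expired code is never exchangeable again
		return 0, ErrExpiredCode
	}
	if ac.clientID != clientID {
		return 0, ErrClientMismatch
	}
	if ac.redirectURI != redirectURI {
		return 0, ErrRedirectMismatch
	}
	ac.used = true // consumed before the lock is released
	return ac.userID, nil
}

func main() {
	s := NewCodeStore(5 * time.Minute)
	code, _ := s.Issue("client-a", "https://app.example/cb", 42)
	uid, err := s.Exchange(code, "client-a", "https://app.example/cb")
	fmt.Println("first exchange:", uid, err)
	_, err = s.Exchange(code, "client-a", "https://app.example/cb")
	fmt.Println("replay:", err)
}
```

Inconsistent enforcement of these constraints, in general terms and without reference to what Gitea's code actually did, tends to look like one of two things: the expiry or used flag is honoured on one code path to the token endpoint but not another, or the "is it used?" check and the "mark it used" write are separate database operations so that two concurrent exchanges both succeed. A practical post-upgrade check is to complete one authorization in a browser, exchange the resulting code at Gitea's token endpoint (`/login/oauth/access_token`) once, then submit the identical exchange request a second time: the second attempt must be rejected with an `invalid_grant` error rather than returning fresh tokens.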
Affected Version(s)
Gitea Open Source Git Server: all versions from 0 up to, but not including, 1.25.5
