OAuth2 Authorization Flaws in Gitea Affecting Multiple Versions
CVE-2026-26232

Currently unrated

Key Information:

Vendor

Gitea

CVE Published:
3 July 2026

What is CVE-2026-26232?

Gitea versions prior to 1.25.5 do not consistently enforce the expiry and single-use constraints on OAuth2 authorization codes during token exchanges. An authorization code that should be short-lived and redeemable exactly once could therefore be accepted when it should be rejected, potentially allowing unauthorized access and misuse of the resulting tokens. Users are encouraged to upgrade to Gitea 1.25.5 or later to mitigate these security concerns.
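The two constraints the advisory names, expiry and single use, have to be checked together in one critical section at the token endpoint. The following is an added example in Go (Gitea's implementation language) written for this page; it is not Gitea's own code, and the Store type, its method names and the outcome strings are assumptions. It binds each code to the client it was issued to, refuses expired codes, and keeps a redeemed record so that a replay is recognised rather than treated as an unknown code.

```go
package main

import (
	"sync"
	"time"
)

type record struct {
	clientID  string
	expiresAt time.Time
	redeemed  bool
}

// Store is a hypothetical authorization-code store, not Gitea's own code.
type Store struct {
	mu    sync.Mutex
	codes map[string]*record
	now   func() time.Time // injectable clock so tests can advance time
}

func NewStore(now func() time.Time) *Store {
	return &Store{codes: map[string]*record{}, now: now}
}

// Issue records a code bound to one client with a short lifetime (RFC 6749 recommends at most ten minutes).
func (s *Store) Issue(code, clientID string, ttl time.Duration) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[code] = &record{clientID: clientID, expiresAt: s.now().Add(ttl)}
}

// Redeem validates and consumes a code in one critical section, so concurrent
// exchanges cannot both succeed. A redeemed record is kept so a replay reads
// "reused"; the caller should then revoke tokens issued for that code (RFC 6749 s4.1.2).
func (s *Store) Redeem(code, clientID string) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	r, ok := s.codes[code]
	if !ok || r.clientID != clientID {
		return "unknown"
	}
	if r.redeemed {
		return "reused"
	}
	if !s.now().Before(r.expiresAt) {
		return "expired"
	}
	r.redeemed = true
	return "ok"
}
```

A token endpoint would report every non-"ok" outcome to the client as the single OAuth2 error invalid_grant, keeping the distinction only for its own logs and for the revocation step on reuse.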

Affected Version(s)

Gitea Open Source Git Server: all versions from 0 up to, but not including, 1.25.5

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sammiee5311