OAuth2 Authorization Vulnerability in Gitea by Gitea Team
CVE-2026-26247
Currently unrated
What is CVE-2026-26247?
Versions of Gitea before 1.25.5 do not correctly persist the OAuth2 PKCE code_challenge_method (S256) from the authorization request through to the token exchange. Because the token endpoint then no longer knows that the stored code_challenge must be compared against SHA-256 of the submitted code_verifier, an authorization code can be exchanged without the PKCE verification the client asked for being enforced. An attacker who obtains an authorization code could use this to bypass the interception protection PKCE is meant to provide, potentially gaining unauthorized access to the resources the resulting token grants.
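To make the missing check concrete, the following Go program (an added example, not Gitea's code; the AuthCodeRecord type, the function names and the "method lost" scenario are this example's own assumptions, and the exact fallback behaviour of the affected Gitea versions is not described on this page) implements RFC 7636 S256 verification as a token endpoint should run it, and contrasts it with a lenient verifier that treats a missing persisted method as the RFC 7636 default, "plain". With the method lost, the strict verifier refuses the exchange, while the lenient one accepts the front-channel code_challenge value itself as a code_verifier, which is how the absence of the S256 check turns into a bypass.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// AuthCodeRecord models what an authorization server must persist when it
// issues an authorization code: the code, the code_challenge from the
// authorization request, and the code_challenge_method. This is an
// illustrative type for the example, not Gitea's data model.
type AuthCodeRecord struct {
	Code            string
	CodeChallenge   string
	ChallengeMethod string // "S256" or "plain"; "" models a method that was not persisted
}

// S256Challenge is the RFC 7636 transform:
// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// verifierLengthOK enforces the RFC 7636 section 4.1 bounds on code_verifier.
func verifierLengthOK(v string) bool {
	return len(v) >= 43 && len(v) <= 128
}

// StrictVerifyPKCE is the check a token endpoint should run on a code
// exchange. A missing or unknown method is an error, never a downgrade.
func StrictVerifyPKCE(rec AuthCodeRecord, verifier string) error {
	if rec.CodeChallenge == "" {
		return errors.New("no code_challenge bound to this authorization code")
	}
	if !verifierLengthOK(verifier) {
		return errors.New("code_verifier length outside RFC 7636 bounds")
	}
	var expected string
	switch rec.ChallengeMethod {
	case "S256":
		expected = S256Challenge(verifier)
	case "plain":
		expected = verifier
	default:
		return fmt.Errorf("code_challenge_method %q not persisted or not supported", rec.ChallengeMethod)
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(rec.CodeChallenge)) != 1 {
		return errors.New("code_verifier does not match code_challenge")
	}
	return nil
}

// LenientVerifyPKCE models the failure mode of losing the method (an assumed
// behaviour for this example): with no persisted method the server applies
// the RFC 7636 default, "plain", and compares the verifier byte-for-byte
// with the challenge. Because the challenge travels in the front-channel
// authorization URL, anyone who saw it can pass this check by submitting the
// challenge itself as the verifier.
func LenientVerifyPKCE(rec AuthCodeRecord, verifier string) error {
	if rec.ChallengeMethod == "" {
		rec.ChallengeMethod = "plain"
	}
	return StrictVerifyPKCE(rec, verifier)
}

// Scenario drives both verifiers with a constructed record whose S256 method
// was dropped between the authorization and token requests. It returns
// (strictRejects, lenientAcceptsChallengeAsVerifier, lenientAcceptsRealVerifier).
func Scenario(verifier string) (bool, bool, bool) {
	challenge := S256Challenge(verifier)
	lost := AuthCodeRecord{Code: "code-123", CodeChallenge: challenge, ChallengeMethod: ""}
	strictRejects := StrictVerifyPKCE(lost, verifier) != nil
	lenientBypass := LenientVerifyPKCE(lost, challenge) == nil
	lenientHonest := LenientVerifyPKCE(lost, verifier) == nil
	return strictRejects, lenientBypass, lenientHonest
}

func main() {
	// Sample code_verifier taken from RFC 7636 Appendix B.
	verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
	ok := AuthCodeRecord{Code: "code-123", CodeChallenge: S256Challenge(verifier), ChallengeMethod: "S256"}
	fmt.Println("persisted S256, real verifier, error:", StrictVerifyPKCE(ok, verifier))
	s, b, h := Scenario(verifier)
	fmt.Printf("method lost: strict rejects=%v, lenient accepts challenge-as-verifier=%v, lenient accepts real verifier=%v\n", s, b, h)
}
```

Note that the lenient path also breaks the honest client: its real S256 verifier no longer matches the stored challenge, so losing the method both weakens the check for an attacker and fails legitimate exchanges. The fix is to store the method with the challenge and reject any exchange whose method is absent.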
Affected Version(s)
Gitea Open Source Git Server: all versions before 1.25.5 (>= 0, < 1.25.5)
