Email Address Manipulation in Gitea by Gitea
CVE-2026-27657

Currently unrated

Key Information:

Vendor

Gitea

CVE Published:
3 July 2026

What is CVE-2026-27657?

Versions of Gitea before 1.25.5 are susceptible to a vulnerability that allows users to change the primary email address of other users. This unauthorized modification can lead to various security issues, including potential account takeovers and phishing attacks. The Gitea team addressed this vulnerability in version 1.25.5; the fix is described in their release notes.

Affected Version(s)

Gitea Open Source Git Server: versions from 0 up to, but not including, 1.25.5

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CsEnox