Data Access Issue in Gitea Versions Prior to 1.25.5
CVE-2026-27660
Currently unrated
What is CVE-2026-27660?
Gitea versions prior to 1.25.5 contain a significant access control vulnerability that allows unauthorized users to access draft release data and attachments. The flaw undermines the permission model: potentially sensitive information can be exposed to users who lack the necessary write permissions. Users are encouraged to update to Gitea version 1.25.5 or later to mitigate this security risk.
Affected Version(s)
Gitea Open Source Git Server: all versions before 1.25.5 (0 < 1.25.5)
