Data Access Issue in Gitea Versions Prior to 1.25.5
CVE-2026-27660

Currently unrated

Key Information:

Vendor: Gitea

CVE Published: 3 July 2026

What is CVE-2026-27660?

Gitea versions prior to 1.25.5 contain a significant access control vulnerability that allows unauthorized users to access draft release data and attachments. The flaw undermines permission enforcement, so potentially sensitive information can be exposed to users who lack the necessary write permissions. Users are encouraged to update to Gitea version 1.25.5 or later to mitigate this security risk.

Affected Version(s)

Gitea Open Source Git Server 0 < 1.25.5

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anticomputer