Write Permission Escalation in Gitea by Go Gitea
CVE-2026-27775
Currently unrated
What is CVE-2026-27775?
In Gitea version 1.25.5, branch-specific write permission results can be cached during pre-receive hook sessions. As a result, a maintainer's edit privileges for a specific branch can be misused to gain write access to other references within the repository, potentially leading to unauthorized changes or exposures. Users should upgrade to the latest version to mitigate this risk.
Affected Version(s)
Gitea Open Source Git Server 1.25.5
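
The description above says a branch-specific permission result is cached during the hook session and then ends up covering other references. The Go sketch below is an added illustration of that cache-scoping mistake beside a per-ref cache; it is not Gitea's code, and the `Policy` type, function names, user and ref names are all hypothetical.

```go
package main

import "fmt"

// Policy is a constructed ACL: user -> ref -> may write. Hypothetical, not Gitea's types.
type Policy map[string]map[string]bool

// DecideFlawed models the bug class: the first branch-specific answer is
// cached for the whole hook session and reused for every other ref.
func DecideFlawed(p Policy, user string, refs []string) map[string]bool {
	out := make(map[string]bool)
	var cached *bool
	for _, ref := range refs {
		if cached == nil {
			ok := p[user][ref]
			cached = &ok
		}
		out[ref] = *cached
	}
	return out
}

// DecideScoped keys the cache by ref, so one branch's answer never covers another ref.
func DecideScoped(p Policy, user string, refs []string) map[string]bool {
	cache := make(map[string]bool)
	for _, ref := range refs {
		if _, hit := cache[ref]; !hit {
			cache[ref] = p[user][ref]
		}
	}
	return cache
}

// Escalated lists refs that a decision allowed although the policy denies them.
func Escalated(p Policy, user string, refs []string, got map[string]bool) []string {
	var bad []string
	for _, ref := range refs {
		if got[ref] && !p[user][ref] {
			bad = append(bad, ref)
		}
	}
	return bad
}

func main() {
	p := Policy{"maintainer": {"refs/heads/contrib-fix": true}} // constructed sample
	refs := []string{"refs/heads/contrib-fix", "refs/heads/main", "refs/tags/v1.0"}
	fmt.Println(Escalated(p, "maintainer", refs, DecideFlawed(p, "maintainer", refs)),
		Escalated(p, "maintainer", refs, DecideScoped(p, "maintainer", refs)))
}
```

A check in the style of `Escalated` works as a regression test for any hook-side permission cache: every cached decision is compared against a fresh per-ref lookup.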
