Write Permission Escalation in Gitea by Go Gitea
CVE-2026-27775

Currently unrated

Key Information:

Vendor

Gitea

CVE Published:
3 July 2026

What is CVE-2026-27775?

In Gitea version 1.25.5, branch-specific write permission results are cached during pre-receive hook sessions. Because of this, a maintainer's edit privileges for a specific branch can be misused to gain write access to other references within the repository, potentially leading to unauthorized changes or exposures. Users should upgrade to the latest version to mitigate this risk.
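
The caching flaw described above, as a simplified model added here for illustration. It is not Gitea's code: the names `policy`, `sessionCache`, `refCache` and `Decide`, the sample refs, and the per-ref cache shown as the corrected form are all assumptions.

```go
package main

import "fmt"

// policy is a constructed permission table: user -> ref -> writable.
type policy map[string]map[string]bool

// sessionCache models the flawed pattern: the first answer computed in a
// hook session is reused for every later ref, whatever ref it was for.
type sessionCache struct {
	p      policy
	cached *bool
}

func (s *sessionCache) canWrite(user, ref string) bool {
	if s.cached == nil {
		ok := s.p[user][ref]
		s.cached = &ok
	}
	return *s.cached
}

// refCache keys the cached answer by ref, so a result computed for one
// branch is never reused for another reference.
type refCache struct {
	p      policy
	cached map[string]bool
}

func (r *refCache) canWrite(user, ref string) bool {
	if ok, hit := r.cached[ref]; hit {
		return ok
	}
	ok := r.p[user][ref]
	r.cached[ref] = ok
	return ok
}

type checker interface{ canWrite(user, ref string) bool }

// Decide returns the write decision for each ref checked in one session.
func Decide(c checker, user string, refs []string) []bool {
	out := make([]bool, len(refs))
	for i, ref := range refs {
		out[i] = c.canWrite(user, ref)
	}
	return out
}

func main() {
	p := policy{"maintainer": {"refs/heads/feature": true}} // constructed sample
	refs := []string{"refs/heads/feature", "refs/heads/main"}
	fmt.Println("session-wide cache:", Decide(&sessionCache{p: p}, "maintainer", refs))
	fmt.Println("per-ref cache:     ", Decide(&refCache{p: p, cached: map[string]bool{}}, "maintainer", refs))
}
```

A regression test for this class of bug checks several references in a single session and asserts that each decision matches an uncached permission lookup for that reference.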

Affected Version(s)

Gitea Open Source Git Server 1.25.5

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

adrian-doyensec