Authorization Bypass in Gitea Product by Gitea
CVE-2026-27783

4.3 MEDIUM

Key Information:

Vendor: Gitea

CVE Published: 3 July 2026

What is CVE-2026-27783?

Gitea versions up to and including 1.26.1 do not enforce repository unit authorization on issue-template API endpoints. This oversight may allow unauthorized access, potentially enabling users to manipulate issue templates without proper permissions. Users are advised to upgrade to Gitea version 1.26.2 or higher, where this issue has been addressed.

Affected Version(s)

Gitea Open Source Git Server: versions from 0 up to and including 1.26.1

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

hoangperry