Authorization Bypass in Gitea Product by Gitea
CVE-2026-27783
4.3MEDIUM
What is CVE-2026-27783?
Gitea versions up to and including 1.26.1 have a vulnerability where repository unit authorization is not enforced on issue-template API endpoints. This oversight may allow unauthorized access, enabling users to potentially manipulate issue templates without proper permissions. Users are advised to upgrade to Gitea version 1.26.2 or higher, where this issue has been addressed to ensure secure API endpoint access.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.26.1
