OAuth Sign-In Callback Issue in Gitea by Gitea
CVE-2026-58422

Currently unrated

Key Information:

Vendor: Gitea

CVE Published: 3 July 2026

What is CVE-2026-58422?

A vulnerability exists in Gitea where improper authorization during the OAuth sign-in callback process allows the silent re-enablement of accounts that administrators have disabled. This issue could pose a significant risk because it enables unauthorized access for accounts that should remain inactive, undermining the security protocols set by administrators. Users are advised to apply the latest updates to mitigate this issue and to ensure their account settings are regularly reviewed.

Affected Version(s)

Gitea Open Source Git Server 0 <= 1.26.1

Timeline

  • Vulnerability published

  • Vulnerability Reserved