OAuth Sign-In Callback Issue in Gitea by Gitea
CVE-2026-58422
Currently unrated
What is CVE-2026-58422?
A vulnerability exists in Gitea where improper authorization during the OAuth sign-in callback process allows the silent re-enablement of accounts that administrators have disabled. This issue could pose a significant risk because it enables unauthorized access for accounts that should remain inactive, undermining the account restrictions set by administrators. Users are advised to apply the latest updates to mitigate this issue and to ensure their account settings are regularly reviewed.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.26.1
