CVE Catalog

CVE-2026-20706

Low risk · EPSS 17th percentile

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

A vulnerability in Gitea up to and including version 1.26.1 allows repository archive downloads to bypass token scope checks on the web archive download endpoint.

Risk Assessment

An attacker could exploit this flaw to gain unauthorized access to repository archives, potentially leading to the leakage of sensitive data.

Recommendation

Upgrade Gitea immediately to a version later than 1.26.1, which includes a fix for this vulnerability.

Original NVD description (English source)

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS