CVE Catalog
CVE-2026-20706
Exploitation Probability (EPSS): Low risk, 0.26% (17th percentile, higher than 17% of all known CVEs)
Summary
A vulnerability in Gitea up to and including version 1.26.1 allows repository archive downloads to bypass token scope checks on the web archive download endpoint.
Risk Assessment
An attacker could exploit this flaw to gain unauthorized access to repository archives, potentially leading to the leakage of sensitive data.
Recommendation
Upgrade Gitea immediately to a version later than 1.26.1 that includes a fix for this vulnerability.
Original NVD description (English source)
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.

