CVE Catalog

CVE-2026-20750

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

Risk Assessment

The risk involves unauthorized modification of projects across different organizations, potentially leading to data integrity and confidentiality breaches.

Recommendation

Update Gitea to a version that includes the fix for project ownership validation. As a temporary measure, restrict project access to trusted users only.

Original NVD description (English source)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS