CVE Catalog

CVE-2026-24451

Low risk · EPSS 10th percentile
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A vulnerability in Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to unauthorized forks.

Risk Assessment

The organization risks data leakage when a repository is set to private but its fork continues to synchronize, revealing confidential information to unauthorized users.

Recommendation

Immediately update Gitea to a patched version and review all forks of repositories that changed to private to ensure synchronization has been stopped.

Original NVD description (English source)

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS