CVE Catalog
CVE-2026-24690
Exploitation Probability (EPSS)
Low risk: 0.16%
5th percentile, higher than 5% of all known CVEs
Summary
The vulnerability in Gitea versions before 1.25.5 is due to insufficient permission checks when updating or rebasing pull request branches. This allows unauthorized users to modify branches without proper permissions.
Risk Assessment
The organization is at risk of unauthorized changes to source code, which could lead to injection of malicious code or compromise of repository integrity.
Recommendation
It is recommended to immediately upgrade Gitea to version 1.25.5 or later, which includes a fix for the insufficient permission check vulnerability.
Original NVD description (English source)
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.

