CVE Catalog

CVE-2026-25038

Low risk · EPSS 10%
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk: 0.20% (10th percentile, higher than 10% of all known CVEs)

Summary

In Gitea 1.26.2, unauthorized users can access labels of private organizations. This vulnerability allows information disclosure of labels that should be restricted to organization members.

Risk Assessment

The risk involves unauthorized disclosure of private organization labels, potentially leaking sensitive information about projects and internal processes.

Recommendation

Immediately upgrade Gitea to version 1.26.3 or later, which includes a fix for this vulnerability. Also review access permission configurations for organizations.

Original NVD description (English source)

Gitea 1.26.2 allows unauthorized users to access labels of private organizations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS