CVE Catalog

CVE-2026-26231

High · CVSS 8.5
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21st percentile — higher than 21% of all known CVEs

Summary

A vulnerability in Gitea up to and including version 1.26.1 lets the 'Allow edits from maintainers' permission path authorize commits to repositories that a user can read but should not be able to write. This bypasses the intended write restrictions.

Risk Assessment

The risk is that a user with only read access can modify code in a repository they should not be able to write to, potentially leading to integrity breaches and unauthorized changes.

Recommendation

Immediately upgrade Gitea to version 1.26.2 or later, which includes a fix for this vulnerability. Also review repository permission configurations.

Original NVD description (English source)

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS