CVE Catalog

CVE-2026-27657

Low risk · EPSS 6th percentile

Exploitation Probability (EPSS)

Low risk: 0.17% (6th percentile, higher than 6% of all known CVEs)

Summary

A vulnerability in Gitea before version 1.25.5 allows a user to change another user's primary email address.

Risk Assessment

An attacker could take over a victim's account by changing the victim's primary email address, potentially leading to unauthorized access and data theft.

Recommendation

Immediately update Gitea to version 1.25.5 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Gitea versions before 1.25.5 allow a user to change another user's primary email address.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS