CVE Catalog
CVE-2026-27657
Exploitation Probability (EPSS): 0.17% (Low risk)
EPSS percentile: 6th, higher than 6% of all known CVEs
Summary
A vulnerability in Gitea before version 1.25.5 allows a user to change another user's primary email address.
Risk Assessment
An attacker could take over a victim's account by changing their email address, potentially leading to unauthorized access and data theft.
Recommendation
Immediately update Gitea to version 1.25.5 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Gitea versions before 1.25.5 allow a user to change another user's primary email address.

