CVE Catalog

CVE-2026-27660

Low risk · EPSS 6%

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability in Gitea before version 1.25.5 allows draft release data or attachments to be accessed without the required write permission.

Risk Assessment

An unauthorized user can read confidential data or attachments intended only for draft release authors, leading to information disclosure.

Recommendation

Upgrade Gitea immediately to version 1.25.5 or later, which fixes this vulnerability.

Original NVD description (English source)

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS