CVE Catalog

CVE-2026-27771

High · CVSS 8.2

Exploitation Probability (EPSS)

Very high risk
40.74%

98th percentile — higher than 98% of all known CVEs

Summary

Gitea versions up to and including 1.26.1 perform insufficient permission checks for Composer package source links. This can expose private or internal package source information.

Risk Assessment

The risk involves potential leakage of sensitive information about internal package repositories, which could facilitate attacks on infrastructure or intellectual property theft.

Recommendation

Upgrade Gitea to version 1.26.2 or later immediately; that release includes a fix for this vulnerability. Also review permission settings for Composer packages.

Original NVD description (English source)

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS