CVE-2026-27771
Severity: High (CVSS 8.2)
Exploitation Probability (EPSS): Very high risk, 98th percentile (higher than 98% of all known CVEs)
Summary
Gitea versions up to and including 1.26.1 perform insufficient permission checks on Composer package source links. This can expose private or internal package source information.
Risk Assessment
The risk involves potential leakage of sensitive information about internal package repositories, which could facilitate attacks on infrastructure or intellectual property theft.
Recommendation
Upgrade Gitea to version 1.26.2 or later immediately; that release includes a fix for this vulnerability. Also review permission settings for Composer packages.
Original NVD description (English source)
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

