CVE-2026-27775
Low risk · EPSS 10% (Exploitation Probability): 10th percentile, higher than 10% of all known CVEs
Summary
In Gitea 1.25.5, branch-specific write-permission results are cached across multiple refs within a single pre-receive hook session. This allows a per-branch maintainer-edit grant to be reused for other refs, escalating to full repository write access.
Risk Assessment
The organization is at risk of unauthorized repository modifications by users whose write permission should be limited to selected branches. This could lead to code integrity breaches and uncontrolled changes.
Recommendation
Immediately update Gitea to a version where this vulnerability is fixed, and review access logs for signs of abuse.
Original NVD description (English source)
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.
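As an added illustration (constructed for this entry, not Gitea's own code), the Go model below shows the caching pattern that the summary and the NVD description describe: a write-permission result cached by user only is reused for every later ref in the same pre-receive session, so a per-branch maintainer-edit grant satisfies refs it was never issued for, whereas keying the cache by (user, ref) confines it. `Repo`, `checkPush`, the two key functions and the sample data are all assumptions of this example.

```go
package main

import "fmt"

// Repo is a constructed stand-in for a repository's access rules
// (illustration only, not Gitea's data model).
type Repo struct {
	Writers      map[string]bool            // users with full write access
	BranchGrants map[string]map[string]bool // user -> ref -> maintainer-edit grant
}

// canWriteRef is the per-ref check a pre-receive hook must make for every ref.
func (r *Repo) canWriteRef(user, ref string) bool {
	if r.Writers[user] {
		return true
	}
	return r.BranchGrants[user][ref]
}

// checkPush evaluates each pushed ref in one hook session, caching results
// under keyFn(user, ref); the choice of key decides whether results leak.
func checkPush(r *Repo, user string, refs []string, keyFn func(u, ref string) string) map[string]bool {
	cache := map[string]bool{}
	out := map[string]bool{}
	for _, ref := range refs {
		k := keyFn(user, ref)
		allowed, hit := cache[k]
		if !hit {
			allowed = r.canWriteRef(user, ref)
			cache[k] = allowed
		}
		out[ref] = allowed
	}
	return out
}

// vulnerableKey ignores the ref, so the first ref's answer is reused for all.
func vulnerableKey(user, _ string) string { return user }

// fixedKey scopes the cache entry to the ref that was actually checked.
func fixedKey(user, ref string) string { return user + "\x00" + ref }

// sample is constructed data: "alice" may edit only feature-x.
var sample = &Repo{
	Writers:      map[string]bool{"owner": true},
	BranchGrants: map[string]map[string]bool{"alice": {"refs/heads/feature-x": true}},
}

func main() {
	refs := []string{"refs/heads/feature-x", "refs/heads/main"}
	fmt.Println("vulnerable:", checkPush(sample, "alice", refs, vulnerableKey))
	fmt.Println("fixed:", checkPush(sample, "alice", refs, fixedKey))
}
```

A regression test for the fix should push a granted ref and a non-granted ref in the same session, in both orders, and assert that only the granted ref is accepted.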