CVE-2026-27783
Medium, CVSS 4.3
Exploitation Probability (EPSS): Low risk, 20th percentile — higher than 20% of all known CVEs
Summary
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints. This allows unauthorized users to access sensitive data or functions related to issue templates.
Risk Assessment
The risk involves unauthorized access to issue templates, potentially leading to information disclosure or manipulation of the issue reporting process in the repository.
Recommendation
Upgrade Gitea to version 1.26.2 or later immediately; that release includes a fix enforcing authorization on these API endpoints.
Original NVD description (English source)
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.

