CVE-2026-27783

Medium · CVSS 4.3

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints. This allows unauthorized users to access sensitive data or functions related to issue templates.

Risk Assessment

The risk involves unauthorized access to issue templates, potentially leading to information disclosure or manipulation of the issue reporting process in the repository.

Recommendation

Upgrade Gitea to version 1.26.2 or later immediately; that release includes a fix that enforces authorization on these API endpoints.

Original NVD description (English source)

Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS