CVE-2026-26231 PUBLISHED

Gitea maintainer-edit permissions allow unauthorized commits to readable repositories

Assigner: Gitea
Reserved: 03.03.2026 Published: 03.07.2026 Updated: 03.07.2026

Gitea versions up to and including 1.26.1 allow the "Allow edits from maintainers" permission path to authorize commits to repositories that the user can read but should not be able to write.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
CVSS Score: 8.5

Product Status

Vendor Gitea
Product Gitea Open Source Git Server
Versions Default: unaffected
  • affected from 0 to 1.26.1 (incl.)

Credits

  • ddd reporter

Problem Types

  • CWE-863 CWE