CVE Field Guide
About Us
CVE-2026-27657
PUBLISHED
Gitea email settings allow changing another user's primary email address
Assigner:
Gitea
Reserved:
22.02.2026
Published:
03.07.2026
Updated:
03.07.2026
Gitea versions before 1.25.5 allow a user to change another user's primary email address.
Product Status
Vendor
Gitea
Product
Gitea Open Source Git Server
Versions
Default:
unaffected
affected from 0 to 1.25.5 (excl.)
Credits
CsEnox
reporter
References
GitHub Pull Request #36586
GitHub Pull Request #36607
Gitea v1.25.5 Release
Gitea v1.25.5 Release Blog Post
Problem Types
Authorization Bypass Through User-Controlled Key
CWE