CVE-2026-27660 PUBLISHED

Gitea draft releases use insufficient permission checks

Assigner: Gitea
Reserved: 22.02.2026 Published: 03.07.2026 Updated: 03.07.2026

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.

Product Status

Vendor: Gitea
Product: Gitea Open Source Git Server
Versions: Default: unaffected
  • affected from 0 to 1.25.5 (excl.)

Credits

  • anticomputer (reporter)

Problem Types

  • CWE-284 (CWE)