CVE-2026-58422
PUBLISHED
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
Assigner: Gitea
Reserved: 30.06.2026
Published: 03.07.2026
Updated: 03.07.2026
Product Status
Vendor: Gitea
Product: Gitea Open Source Git Server
Versions:
Default: unaffected
affected from 0 to 1.26.1 (incl.)
References
GitHub Security Advisory
GitHub Pull Request #38009
Gitea v1.26.4 Release
Gitea v1.26.4 Release Blog Post
Problem Types
CWE-284