CVE-2026-0798

Low CVSS: 3.5

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

Vendor

Gitea

Product

Gitea

CWE

CWE-284

Yayın Tarihi

2026-01-22 22:16:15

Güncelleme

2026-01-29 21:59:24

Source Identifier

88ee5874-cf24-4952-aea0-31affedb7ff2

KEV Date Added

Kategoriler

CWE-284 Gitea LOW Gitea 2026

Referanslar

https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36319 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-f4wq-6ww5-m56p

Benzer Kayıtlar

Medium

CVE-2026-20904

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to cha…

Critical

CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a…

Critical

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repos…

High

CVE-2026-20736

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachmen…

Critical

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access…

Medium

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a…