CVE-2026-26231
HIGH 8.5 (CVSS 3.1)
Description
Gitea versions up to and including 1.26.1 allow the "Allow edits from maintainers" permission path to authorize commits to repositories that the user can read but should not be able to write to.
Metadata
Severity & Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server | — | 0 through 1.26.1 (inclusive) |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-863 | cna | CWE-863 |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N |
References (5)
- GitHub Security Advisory https://github.com/go-gitea/gitea/security/advisories/GHSA-mm7c-rhg6-qr4r
- GitHub Pull Request #37479 https://github.com/go-gitea/gitea/pull/37479
- GitHub Pull Request #37484 https://github.com/go-gitea/gitea/pull/37484
- Gitea v1.26.2 Release https://github.com/go-gitea/gitea/releases/tag/v1.26.2
- Gitea v1.26.2 Release Blog Post https://blog.gitea.com/release-of-1.26.2/