CVE-2026-27771
HIGH 8.2 (CVSS 3.0)
Description
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
Metadata
Severity & Metrics
8.2 HIGH (CVSS 3.0), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server | — | 0 through 1.26.1 (inclusive) |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-862 | cna | Missing Authorization |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.2 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
References (4)
- GitHub Security Advisory https://github.com/go-gitea/gitea/security/advisories/GHSA-8qw8-rq86-9pc2
- GitHub Pull Request #37610 https://github.com/go-gitea/gitea/pull/37610
- Gitea v1.26.2 Release https://github.com/go-gitea/gitea/releases/tag/v1.26.2
- Gitea v1.26.2 Release Blog Post https://blog.gitea.com/release-of-1.26.2/