SecBoard

CVE-2026-26231

HIGH (8.5)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

Risk Signal Score: 26/100 (MEDIUM)
  • CVSS 8.5 (High)

EPSS Score

0%

Exploit probability (30 days)

CVSS Score

8.5

Technical severity

Description

Gitea versions up to and including 1.26.1 allow the "Allow edits from maintainers" permission path to authorize commits to repositories that the user can read but should not be able to write.

GitHub Advisories

GHSA-mm7c-rhg6-qr4r (HIGH)

Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

go/code.gitea.io/gitea 1.26.2
GitHub Advisory

References