All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-26231
HIGHpublished 2026-07-03 21:16 UTC · 18 hours ago
8.5
CVSS / 10
// description
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.
// weaknesses (CWE)
- CWE-863