HIGH 8.2
GHSA-8qw8-rq86-9pc2
Gitea has insufficient permission checks for Composer package source links
Details
### CVE Description Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
### Summary A critical vulnerability has been discovered in Gitea. It was already reported via (security@gitea.io) from (dev@noscope.com), and submitted an encrypted report.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/go-gitea/gitea/security/advisories/GHSA-8qw8-rq86-9pc2 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-27771 [ADVISORY]
- https://github.com/go-gitea/gitea/pull/37610 [WEB]
- https://blog.gitea.com/release-of-1.26.2 [WEB]
- https://github.com/go-gitea/gitea [PACKAGE]
- https://github.com/go-gitea/gitea/releases/tag/v1.26.2 [WEB]