CVE Catalog

CVE-2026-22547

Low risk · EPSS percentile 6%

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

In Gitea versions before 1.25.5, validation constraints for repository creation fields are missing, including length-limited template fields and trust model or object format values.

Risk Assessment

The lack of validation may allow an attacker to inject malformed data, potentially leading to unexpected behavior or compromise of repository integrity.

Recommendation

Upgrade Gitea to version 1.25.5 or later immediately; that release includes the necessary validation fixes.

Original NVD description (English source)

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS